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BGP 


Course Introduction 


Overview 


The Configuring BGP on Cisco Routers (BGP) v3.1 course provides students with in-depth 
knowledge of Border Gateway Protocol (BGP), the routing protocol that is one of the 
underlying foundations of the Internet and New World technologies such as Multiprotocol 
Label Switching (MPLS). This curriculum covers the theory of BGP, configuration of BGP on 
Cisco IOS routers, detailed troubleshooting information, and hands-on exercises that provide 
learners with the skills that they need to configure and troubleshoot BGP networks in customer 
environments. Different service solutions in the curriculum cover BGP network design issues 
and usage rules for various BGP features, preparing learners to design and implement efficient, 
optimal, and trouble-free BGP networks. 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
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Course Goal and Objectives 


This section describes the course goal and objectives. 


Course Goal 


“To provide learners with in-depth 


knowledge of BGP” 


Configuring BGP on Cisco Routers (BGP) v3.1 


BGP v3.1—-3 


Upon completing this course, you will be able to meet these objectives: 


= Configure, monitor, and troubleshoot basic BGP to enable interdomain routing in a network 
scenario with multiple domains 


m Use BGP policy controls to influence the route selection process with minimal impact on 
BGP route processing in a network scenario where you must support connections to 
multiple ISPs 


m= Use BGP attributes to influence the route selection process in a network scenario where 
you must support multiple connections 


m= Implement the correct BGP configuration to successfully connect the customer network to 
the Internet in a network scenario where you must support multiple connections 


m Enable the provider network to behave as a transit autonomous system in a typical service 
provider network with multiple BGP connections to other autonomous systems 


m= Identify common BGP scaling issues and enable route reflection and confederations as 
possible solutions to these issues in a typical service provider network with multiple BGP 
connections to other autonomous systems 


m Use available BGP tools and features to optimize the scalability of the BGP routing 
protocol in a typical BGP network 


2 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Course Outline 


The outline lists the modules included in this course. 


Course Outline 


¢ BGP Overview 


¢ BGP Transit Autonomous Systems 
¢ Route Selection Using Policy Controls 
* Route Selection Using Attributes 


¢ Customer-to-Provider Connectivity with BGP 


¢ Scaling Service Provider Networks 


¢ Optimizing BGP Scalability 
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Cisco Certifications 


This topic lists the certification requirements of this course. 


Cisco Certifications 


Cisco Certifications 


www .cisco.com/go/certifications 


© 2004 Cisco Systems, Inc. All rights reserved 


This education offering is part of the Cisco CCIP™ program: 


m The CCIP certification indicates advanced knowledge of the technologies and solutions for 
providing data and voice communication and services. 


m The CCIP certification provides individuals with competency in infrastructure or access 
solutions in a Cisco end-to-end environment. 


m= CCIP professionals have a detailed understanding of IP technologies as represented by the 
Cisco courses Building Scalable Cisco Internetworks (BSCI), Implementing Cisco Quality 
of Service (QOS), Configuring BGP on Cisco Routers (BGP), and Implementing Cisco 
MPLS (MPLS). 


There is no prerequisite certification for CCIP; however, a valid Cisco CCNA® certification is 
highly recommended. 
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Learner Skills and Knowledge 


This topic lists the course prerequisites. 


Prerequisite Learner Skills 


and Knowledge 
IS 


Interconnecting 
Cisco Network 
Devices (ICND) 
Configuring BGP on 
Cisco Routers (BGP) 
Building Scalable 
Cisco Internetworks 
(BSCl) 


© 2004 Cisco Systems, Inc. All rights reserved 


To benefit fully from this course, you must have these prerequisite skills and knowledge: 


= Completion of the Interconnecting Cisco Network Devices (ICND) course or CCNA 
certification 


= Completion of the Building Scalable Cisco Internetworks (BSCI) course or equivalent 
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Learner Responsibilities 


This topic discusses the responsibilities of the learners. 


Learner Responsibilities 


* Complete 
prerequisites 


° Introduce 
yourself 


° Ask questions 


To take full advantage of the information presented in this course, you must have completed the 
prerequisite requirements. 


In class, you are expected to participate in all lesson exercises and assessments. 
In addition, you are encouraged to ask any questions relevant to the course materials. 


If you have pertinent information or questions concerning future Cisco product releases and 
product features, please discuss these topics during breaks or after class. The instructor will 
answer your questions or direct you to an appropriate information source. 
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General Administration 


This topic lists the administrative issues for the course. 


General Administration 


Class-Related Facilities-Related 
° Sign-in sheet ¢ Site emergency 


procedures 
° Rest rooms 


¢ Course materials 


¢ Length and times 
° Attire * Telephones/faxes 


¢ Break and lunchroom 
locations 


The instructor will discuss these administrative issues: 


m Sign-in process 
m™ Starting and anticipated ending times of each class day 
m Class breaks and lunch facilities 
m Appropriate attire during class 
m= Materials that you can expect to receive during class 
m= What to do in the event of an emergency 
= Location of the rest rooms 
= How to send and receive telephone and fax messages 
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Course Flow Diagram 


This topic covers the suggested flow of the course materials. 


Course Flow Diagram 


Day 1 


Course 
Introduction 


BGP 
Overview 


BGP 
Overview 
(Cont.) 


M BGP Overview 


BGP Transit 
Autonomous 
Systems 


BGP Transit 
Autonomous 
Systems Lab 


Route 
Selection 
Using Policy 
Controls 


Route 
Selection 
Using Policy 
Controls Lab 


Route 
Selection 
Using 
Attributes 


Route Selection ee re 
Using Attributes 
Lab Networks Lab 
Optimizing 
BGP 
Scalability 


Customer-to- 
Provider 
Connectivity 
with BGP 


Customer-to- 
Provider 
Connectivity 
with BGP (Cont.) 


Optimizing 
BGP 
Scalability 
Lab 

Scaling 
Service 
Provider 
Networks 


The schedule reflects the recommended structure for this course. This structure allows enough 
time for the instructor to present the course information and for you to work through the lab 
exercises. The exact timing of the subject materials and labs depends on the pace of your 


specific class. 
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Icons and Symbols 


This topic shows the Cisco icons and symbols used in this course. 


Cisco Icons and Symbols 


Network 


a) Router E> PIX Firewall C D) Cloud, 


White 


Network 


L==4 Wormaroup =F, 00BASE-TX y ) Cloud, 
es lg : [a Hub , ) Standard 


Y ColorlSubdued 
Color 


Terminal 
Server 
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Learner Introductions 


10 


This is the point in the course where you introduce yourself. 


Learner Introductions 


¢ Your name 


¢ Your 
company 


° Skills and 
knowledge 


¢ Brief history 


° Objective 


Prepare to share the following information: 


‘Your name 

Your company 

If you have most or all of the prerequisite skills 
A profile of your experience 


What you would like to learn from this course 
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Module 1| 


BGP Overview 


Overview 


The Border Gateway Protocol (BGP) is an interdomain (interautonomous system) routing 
protocol that is used to exchange routing information for the Internet. BGP, by design, is a very 
robust and scalable routing protocol. Because BGP is deployed as an interdomain routing 
protocol, it has many rich features that allow administrators to implement a variety of routing 
policies. This module covers basic BGP technology, details BGP session establishment and 


routing information exchange, and describes basic Cisco IOS configuration and troubleshooting 
tasks. 


Module Objectives 


Upon completing this module, you will be able to describe basic BGP technology. 


Module Objectives 


° Identify appropriate BGP usage and its limitations 


* Describe the concept of BGP neighbors and 
neighbor session establishment procedures 


* Describe interdomain route processing, route 
propagation, and BGP path selection 


* Successfully configure BGP 


° Verify proper operation and perform the steps 
necessary to correct basic BGP configuration 
errors 
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Module Outline 


The outline lists the components of this module. 


Module Outline 
_ Cisco.com | 


° Introducing BGP 

* Establishing BGP Sessions 

* Understanding BGP Path Attributes 
* Processing BGP Routes 


* Configuring Basic BGP 


* Monitoring and Troubleshooting BGP 
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Introducing BGP 


Overview 


Border Gateway Protocol (BGP) is an interautonomous system routing protocol that is used to 
exchange routing information between the Internet and Internet service providers (ISPs). BGP 
is a very robust and scalable routing protocol, which is demonstrated by the fact that it is the 
routing protocol that is used on the Internet. This lesson introduces basic BGP characteristics 
and features. 


Relevance 


Service providers and customer networks, such as universities and corporations, usually use an 
Interior Gateway Protocol (IGP) such as Routing Information Protocol (RIP), Enhanced 
Interior Gateway Routing Protocol (EIGRP), or Open Shortest Path First (OSPF) for the 
exchange of routing information within their networks. Any communication between these 
IGPs and the Internet or between service providers will be accomplished through BGP. 


Objectives 


Upon completing this lesson, you will be able to identify appropriate BGP use and limitations. 
This includes being able to meet these objectives: 


m Describe the requirements and use of scalable interdomain routing 
m Identify basic BGP characteristics and features 

m Explain why BGP is used by single-homed customers 

m Explain why BGP is used by multihomed customers 

m Explain why BGP is used in transit autonomous systems 


m Explain BGP limitations 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Outline 


The outline lists the topics included in this lesson. 


Outline 
OE EO ee (Cisco.com 


° Overview 
° Interdomain Routing 
¢ BGP Characteristics 


¢ Single-Homed Customers 


¢ Multihomed Customers 

* Transit Autonomous Systems 
° BGP Limitations 

° Summary 
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Interdomain Routing 


This topic defines interdomain routing and the design goals of interdomain routing protocols. 


Interdomain Routing 


AS65001 «>= 


7 = 


> 
a 


An autonomous system (AS) is a collection of networks under 
a single technical administration. 

An Interior Gateway Protocol (IGP) is run inside an autonomous 
system resulting in optimum intra-AS routing. 

An exterior gateway protocol (EGP) is run between autonomous 
systems to enable routing policies and improve security. 
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When talking to people who are involved with Internet routing, network administrators 
commonly use the terms “autonomous system,” “interdomain routing,” and “interior” and 
“exterior routing protocol.” These terms, confusing for a novice, are defined as follows: 


m An autonomous system (AS) is a collection of networks under a single technical 
administration. Other definitions refer to a collection of routers or IP prefixes, but in the 
end they are all essentially the same thing. The important principle is the technical 
administration, which means sharing the same routing protocol and routing policy. Legal 
and administrative ownership of the routers does not matter with autonomous systems. 
Autonomous systems are identified by AS numbers. AS numbers are 16-bit, unsigned 
integers ranging from 1 to 65535. Public AS numbers (1 — 64511) are assigned and 
managed by an Internet registry. A range of private AS numbers (64512 — 65535) has been 
reserved for customers that need an AS number to run BGP in their private networks. 


m Interdomain routing is routing between autonomous systems. It is usually based on a set of 
policies, not just the technical characteristics of the underlying infrastructure. 


m Exterior routing protocols (BGP being the only exterior routing protocol that is used today) 
are protocols that have the right set of functions to support various interdomain routing 
policies. Such protocols are contrary to interior routing protocols (for example, OSPF, RIP, 
or EIGRP), which focus only on finding the optimum (usually fastest) route between two 
points, with no respect to routing policies. 
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Interdomain Routing (Cont.) 


Scalability 
¢ Internet has more than 110,000 routes and is still 
growing. 
Secure routing information exchange 


¢ Routers from another autonomous system cannot 
be trusted. 


° Tight filters are required; authentication is 
desirable. 


Support for routing policies 


¢ Routing between autonomous systems might not 
always follow the optimum path. 


BGP v3.1—1-6 


The design goals for any interdomain routing protocol include the following: 


# Scalability: An interdomain routing protocol has to be able to support Internet routing, 
which consists of more than 110,000 routes. 


= Secure information exchange: Because the routers from other autonomous systems 
cannot be trusted, tight filters on routing updates and router authentication are desirable 
features. 


= Support for routing policies: Routing between autonomous systems might not always 
follow the optimum path, and exterior routing protocols have to support a wide range of 
customer requirements. 
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Example 


Why External Routing Protocols? 


Company X (AS 20) 


ee 


Company A (AS 1) 


: Assuming standard IGP route selection rules, how will the traffic 
between AS 1 and AS 20 flow? 


: Will AS 2 allow this traffic? 
: How would you solve this problem with OSPF or EIGRP? 


inc. Alll rights 


The figure illustrates the need for an interdomain routing protocol. It depicts two companies 
that are connected to the Internet via leased lines of differing speed. 


In routing protocols other than BGP, routing decisions are normally made to take advantage of 
the highest bandwidth available. Doing so would make traffic between AS 1 and AS 20 flow 

via AS 2. This situation is not desirable for AS 2, because it would allow the users in Company 
A to generate traffic on the Internet access line that was purchased and paid for by Company B. 


Company B is unlikely to allow traffic from Company A to reach the Internet using the 
Company B access line. Company B, in fact, could create an access-list blocking all IP packets 
from AS 1 from being transmitted on the 2-Mbps serial line from Company B to the Internet. 
That action would create a black hole because Company A would send its packets to Company 
B and then Company B would drop them. 


To avoid this situation, Company B must make sure that the packets from Company A, which 
are destined to the Internet, are never sent to Company B. Also, Company B must make sure 
that packets from the Internet that are destined for Company A are never sent using the Internet 
access line to Company B. Company B could implement a routing policy that indicates that AS 
2 will receive reachability information from AS 1 for its own use but that AS 2 will not forward 
that particular information to the Internet. Also, AS 2 will receive reachability information 
about the Internet from its ISP but will never forward that information to AS 1. Only networks 
local to AS 2 will be sent to AS 1. 


The result of this routing policy would be that AS 1 sees all networks within AS 2 as reachable 
over the 2-Mbps link that directly connects AS 1 with AS 2. The routers in AS 1 will not see 
the rest of the Internet as reachable through AS 2. Therefore, AS 1 forwards packets toward the 
Internet directly over the 64-kbps link. 
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Also, the IP networks in AS 1 will appear reachable by AS 2 over the 2-Mbps link, which 
directly connects AS 1 with AS 2. However, the ISP will not receive that reachability 
information from AS 2; it will receive it only from AS 1. Therefore, traffic from the Internet to 
Company A will be transmitted over the 64-kbps link. 


This routing policy is easy to implement when network administrators are using BGP but 
impossible to implement with any other routing protocol. EIGRP, for example, can do route 
filtering only on individual IP subnets, not on all prefixes belonging to an AS. Link-state 
protocols, such as OSPF, cannot do powerful route filtering at all. BGP can do this routing 
based on AS numbers, which makes it possible to scale BGP over the Internet. 
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BGP Characteristics 


This topic describes the basic characteristics of BGP. 


BGP Characteristics 


BGP is a distance vector protocol with 
enhancements: 


° Reliable updates 
* Triggered updates only 


* Rich metrics (called path attributes) 
Designed to scale to huge internetworks 


BGP is a distance vector protocol. This means that it will announce to its neighbors those IP 
networks that it can reach itself. The receivers of that information will say “if that AS can reach 
those networks, then I can reach them via the AS.” 


If two different paths are available to reach the same IP subnet, then the shortest path is used. 
This determination requires a mechanism capable of measuring the distance. All distance vector 
protocols have such mechanisms, called “metrics.” BGP contains a very sophisticated method 
of computing the shortest path by using attributes that are attached to the reachable IP subnet. 


BGP sends routing updates to its neighbors by using a reliable transport. This means that the 
sender of the information always knows that the receiver has actually received it. As a result, 
there is no need for periodic updates or routing information refreshments. In BGP, only 
information that has changed is transmitted. 


The reliable information exchange, combined with the batching of routing updates that is also 
performed by BGP, allows BGP to scale to Internet-sized networks. 
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BGP Characteristics (Cont.) 
I | 


Reliable Updates 

¢ Use TCP as transport protocol 

* No periodic updates 

* Periodic keepalives to verify TCP connectivity 


* Triggered updates are batched and rate-limited 
—Every 5 seconds for internal peer 
—Every 30 seconds for external peer 


The reliable transport mechanism that is used by BGP is standard TCP. BGP is an application 
protocol that uses both the TCP and IP protocols for reliable connections. 


Because BGP uses a reliable transport, the sender will know that the receiver has actually 
received the transmitted information. This capability makes periodic updates unnecessary. 


A router that has received reachability information from a BGP peer must be sure that the peer 
router is still there. Otherwise, the router could route traffic toward a next-hop router that is no 
longer available, causing the IP packets to be lost in a black hole. TCP does not provide the 
service to signal that the TCP peer has been lost, unless some application data is actually 
transmitted between the peers. In an idle state, where there is no need for BGP to update its 
peer, the peer could be unreachable without TCP detecting it. Therefore, BGP takes care of 
detecting the presence of neighbors by periodically sending small BGP keepalive packets to 
them. These packets are considered application data by TCP and therefore must be transmitted 
reliably. According to the BGP specification, the peer router also must reply with a BGP 
keepalive packet. 


When BGP was created, a key design goal was to be able to handle enormous amounts of 
routing information in very large and complex networks. In this environment, many links could 
go up and down (flapping), causing topology changes, which must be considered by the routing 
protocol. But low convergence time and quick responses to topology changes require fast 
updates and high CPU power to process both incoming and outgoing updates. The larger the 
network, the more updates per second can be expected if immediate response is required. The 
presence of too many updates in large networks can jeopardize network scalability. 
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The designers of BGP decided that scalability was a more important issue than low 
convergence time, so BGP was designed to batch updates. Any changes that are received within 
the batch interval time are saved. At the end of the interval, only the remaining result is 
forwarded in an outgoing update. If a network flaps several times during the batch interval, 
only the state at the end of the interval is sent in an update. The batching feature avoids an 
uncontrolled flood of updates all over the Internet because the amount of updates is limited by 
the batching procedure. 


BGP Characteristics (Cont.) 
A | 


Protocol Development Considerations 

* BGP was designed to perform well in: 
—Interdomain routing application 
— Huge internetworks with large routing tables 


— Environments that require complex routing 
policies 


* Some design tradeoffs that were made: 


—BGP uses TCP for reliable transport - 
CPU-intensive 


— Scalability is the top priority - slower 
convergence 
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The designers of the BGP protocol have succeeded in creating a highly scalable routing 
protocol, which can forward reachability information between autonomous systems (also 
known as routing domains). BGP designers had to consider an environment with an enormous 
number of reachable networks and complex routing policies that were driven by commercial 
rather than technical considerations. 


TCP, a well-known and widely proven protocol, was chosen as the transport mechanism. That 
decision kept the BGP protocol simple, but it increased the CPU resource requirements for 
routers running BGP. The point-to-point nature of TCP also introduces a slight increase in 
network traffic, because any update that should be sent to many receivers has to be multiplied 
into several copies, which are then transmitted on individual TCP sessions to the receivers. 


Whenever there was a design choice between fast convergence and scalability, scalability was 
the top priority. Batching of updates and the relatively low frequency of keepalive packets are 
examples of where designers placed convergence time second to scalability. 


Note BGP convergence times can be modified with the configuration of nondefault values for BGP 
scan and advertisement timers. Refer to the “Optimizing BGP Scalability” module for more 
information on tuning BGP convergence. 
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BGP Characteristics (Cont.) 
_———— ee eeeer/ lS SANT 


Common BGP uses: 


e Customer connected to more than one service 
provider 


° Service provider networks (transit autonomous 
systems) 


* Service providers exchanging traffic at an 
exchange point (CIX, GIX, NAP, ...) 


* Network cores of large-enterprise customers 
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The figure shows typical scenarios where BGP is usable. These scenarios include the 
following: 


m™ Customers connected to more than one service provider. 
m ISP networks themselves acting as transit systems and forwarding external traffic. 


m Exchange points, which can be defined by the network access point (NAP) between region 
and core. International exchange points can be defined by either Commercial Internet 
eXchange (CIX) or Global Internet eXchange (GIX) points. 


m Very large enterprises using BGP as their core routing protocol. 
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Single-Homed Customers 


This topic explains when a single-homed customer should use BGP as an interdomain routing 
protocol. 


Single-Homed Customers 
SS ee ed 


Large customer or small ISP connecting to the Internet 


Customer or Small Service Provider 
Service Provider 
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The figure shows a customer network connected to the Internet using a single ISP, but such a 
scenario is generally not the case when BGP is used. Normal Internet access to a single ISP 
does not require BGP; static routes are more commonly used to handle this situation. Small 
ISPs buying Internet connectivity from other ISPs use this type of connectivity more often, 
especially if they want to start their business the proper way—by using their own AS number 
and having their own address space. 
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Single-Homed Customers (Cont.) 


Use guidelines: 


e Use BGP between the customer and the service 
provider: 


—Customers multihomed to the same service 
provider 


— Customer that needs dynamic routing protocol 
with the service provider to detect failures 


— Hint: Use private AS number for these 
customers 


— Smaller ISPs that need to originate their routes 
in the Internet 


° Use static routes in all other cases 
— Static routes are always simpler than BGP 
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Under certain conditions, BGP must be configured between the customer and the service 
provider. For example, BGP is needed when customers are multihomed to the same service 
provider (that is, the customer networks have multiple links connecting them with the service 
provider network) and require dynamic routing protocol interaction with the service provider to 
detect link failures. Private AS numbers (AS numbers above 64512) are usually implemented in 
BGP configurations for these customers. 


Customers that plan to connect to more than one ISP, and small ISPs that plan to have multiple 
Internet connections in the future, usually use BGP with their service provider. They use this 
option even when they have a single link with the service provider in order to be prepared for 
future upgrades. 


In all other cases, using static routes from the service provider toward the customer and using a 
default static route from the customer toward the service provider is the preferred method of 
provider-to-customer routing in the Internet. 
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Multihomed Customers 


This topic explains when BGP is appropriate for the multihomed customer. BGP use guidelines 
for multihoming are also discussed. 


Multihomed Customers 


Customer connecting to more than one service provider 


Service Provider #1 


Multihomed 
Customer 
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The figure illustrates a customer network that is connected to two different ISPs, which requires 
the use of BGP for full redundancy. 


The customer must have its own officially assigned AS number. The customer is also 
responsible for announcing its own IP networks to both ISPs. Both ISPs forward all routes 
received from the Internet to the customer network. The customer should avoid forwarding any 
routing information received from one ISP to the other. Otherwise, the customer will become a 
transit provider between the two ISPs. This is a situation that most customers like to avoid 
because it creates a resource drain on routers and network links. 


Full redundancy is achieved in this setup. If either of the two access links fails, the reachability 
information that was previously transmitted on the now-failed link will be withdrawn. But BGP 
reachability information is still announced by the customer router over the remaining link. 
Thus, the ISP will still see all networks within the customer AS as reachable but only over the 
remaining path. Also, received routes from the Internet will be withdrawn when the link fails, 
but routes received over the remaining link are not affected. Thus, the Internet, including the 
ISP to which the direct connection has failed, is still reachable over the remaining link. 
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This design can also handle other problems. A case where both access links are available, but 
the connection between one of the ISPs and the rest of the Internet is lost, works as follows: 
The ISP that has a problem reaching the rest of the Internet withdraws all those routes and tells 
the customer AS that it can no longer reach the Internet. But the networks local to the ISP with 
the Internet reachability problem are still reachable by the customer, so those routes are not 
withdrawn. The networks in the customer AS are still reachable by the ISP in trouble, but that 
ISP can no longer forward the announcement to the rest of the Internet. The rest of the Internet 
will, however, see the customer networks as reachable over the path to the other ISP, which is 
fully functional. 


Multihomed Customers (Cont.) 


Use guidelines: 


* BGP is almost mandatory for multihomed 
customers. 


¢ Multihomed customers have to use public AS 
numbers. 


¢ Multihomed customers should use provider- 
independent address space. 
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The following use guidelines apply to multihomed customers: 


m Although there are designs where BGP could be avoided, most multihomed customers need 
to use BGP with their service providers. 


m= The multihomed customers must have their own AS number, and it is recommended to use 
a public AS number. 


= Multihomed customers should use a provider-independent address space, which is allocated 
to them directly by an Internet registry. 


1-16 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Transit Autonomous Systems 


This topic describes the use of BGP in a transit autonomous backbone. 


Transit Autonomous Systems 
I 


Using BGP to exchange routes is mandatory for 
transit autonomous systems (provider networks 
carrying customer traffic). 


Internet 


Multihomed Another Service 
Customer Provider 


= 
~~ 


Service Provider 
(Transit AS) 


BGP is most commonly implemented in service provider networks to ensure connectivity 
between customers and the rest of the Internet. An ISP might exchange BGP updates with the 
customers or use static routing toward them. It also connects to other ISPs and is required to 
forward the routes that are received from the customers to the rest of the Internet, as well as in 
the other direction. As a result, user data traffic starts to flow between the customers and the 
rest of the Internet. Such a network, providing transit services to traffic that is originated in 
other networks, is thus called a “transit autonomous system,” or “transit AS.” A transit AS is an 
AS that exchanges BGP routing information with other autonomous systems and forwards 
information received from one AS to another AS. 


When routing information is forwarded, the receiver will see an available path to a destination 
and start transmitting user data toward the destination using that path. The transit AS must be 
prepared to relay the user data, as explained later in this course. 


ISP networks can sometimes have dedicated peer-to-peer connections, using, for example, 
packet over SONET (POS). These connections are sometimes called private peering. ISPs also 
interconnect at exchange points. Technically, an exchange point is just a multiaccess subnet: a 
LAN (for example, a Gigabit Ethernet or Fast Ethernet switch), a Dynamic Packet Transport 
(DPT) ring, or an ATM switch. Many ISPs can connect to an exchange point and establish BGP 
sessions. 


The benefit of an exchange point is that it is highly scalable. There is no need for additional 
physical interfaces in the ISP border router when a new ISP is launched. If the already- 
established ISPs want to, they can open a BGP session with the new ISP. When this is done, 
they start to exchange routing information and then user data traffic over the exchange point. 
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BGP Limitations 


This topic describes some of the limitations of BGP. 


BGP Limitations 


BGP and associated tools cannot express all 
routing policies. 


* You cannot influence the routing policies of 
downstream autonomous systems. 


“BGP does not enable one AS to send traffic 
to a neighbor AS intending that the traffic 
take a different route from that taken by traffic 
originating in the neighbor AS.” 


RFC 1771 


BGP-enabled routers make forwarding decisions based on the destination IP address only; the 
source IP address does not affect the decision. If an AS acts as a transit AS for other 
autonomous systems, the IP packets that are created and transmitted from the other autonomous 
systems are not treated differently from the IP packets that are created and transmitted from the 
local AS. If the local AS has decided that the best path to reach a certain destination is via a 
specific next-hop router, then it will route all user data traffic toward the final destination via 
that specific next-hop router. The local AS makes its decision based on destination address 
only, regardless of which IP host has sourced the IP packets. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
ee > eikeaicom | 


¢ BGP has the right set of functions to support the 
various interdomain routing policies. Contrary to 
BGP, interior routing protocols focus only upon 
finding the optimum (usually fastest) route between 
two points, with no respect to routing policies. 


* BGP is an enhanced distance vector protocol with 
reliable transport provided by TCP, a rich set of 
metrics called BGP path attributes, and scalability 
features such as batched updates that make it 
suitable for very large networks. 


¢ Customers that plan to connect to more than one 
ISP, and small ISPs that plan to have multiple 
Internet connections in the future, usually use BGP 
with their service provider. 


Summary (Cont.) 


* Although there are designs where BGP could be 
avoided, most multihomed customers use BGP 
with their service providers. 


° A transit AS is an AS that exchanges BGP routing 
information with other autonomous systems and 
forwards information received from one AS to 
another AS. 


* BGP is bound by IP hop-by-hop destination-only 
routing. Routing policies that deviate from this 
model cannot be implemented with BGP. 
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References 


For additional information, refer to these resources: 


m= For information on basic BGP, refer to “Border Gateway Protocol” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm 


m= For further information on basic BGP, refer to “Configuring BGP” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt2/1c 
dbgp.htm 
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Establishing BGP Sessions 


Overview 


BGP is an exterior gateway protocol (EGP) that has been designed for scalability and policy 
control. As a result, BGP requires neighboring routers to be explicitly configured before BGP 
routing updates can be sent between them. This situation differs from IGPs such as EIGRP and 
OSPF that discover neighbors through the use of a broadcast packet or a hello protocol. In this 
lesson, BGP neighbor session establishment procedures are discussed. 


Relevance 


Understanding the BGP neighbor session establishment process is a key component to 
understanding the fundamental operation of the BGP protocol. It also forms a knowledge base 
for later lessons, including configuring basic BGP. 


Objectives 


Upon completing this lesson, you will be able to describe the concept of BGP neighbors and 
neighbor session establishment procedures. This includes being able to meet these objectives: 


m Describe how BGP discovers neighbors 
m Explain BGP session establishment procedures 
m Explain the role of the BGP keepalive in session establishment and maintenance 


m Describe how optional MD5 authentication can protect sessions between BGP peers 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 
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Outline 


The outline lists the topics included in this lesson. 


Outline 
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Overview 
BGP Neighbor Discovery 
Establishing a BGP Session 


BGP Keepalives 
MD5 Authentication 
Summary 
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BGP Neighbor Discovery 


This topic describes how the BGP routing protocol discovers neighbors. 


BGP Neighbor Discovery 


* BGP neighbors are not discovered; they must be 
configured manually. 


° Configuration must be done on both sides of the 
connection. 


* Both routers will attempt to connect to the other 
with a TCP session on port number 179. 


* Only the session with the higher router-ID remains 
after the connection attempt. 


* Source IP address of incoming connection 
attempts is verified against a list of configured 
neighbors. 


Unlike other routing protocols, BGP has no means of automatically detecting neighbors. The 
BGP protocol is carried in a TCP session, which must be opened from one router to the other. 
In order to do so, the router attempting to open the session must be manually configured with 
neighbor information indicating to which IP address to direct its connection attempts. 


The router that receives the incoming connection attempts does not answer them if the attempts 
are not from one of the configured neighbors. The IP source address of the connection attempt 
packet (TCP SYN packet) is verified against the list of IP addresses that the router itself would 
direct its connection attempts to. 


In order to succeed in the connection attempts, both routers are required to be configured to 
reach each other. A side effect of this situation is that they will both attempt to connect. This 
side effect adds robustness to the session establishment process, but it also introduces the risk 
that two BGP sessions will be established between a pair of BGP routers. 


Two routers should have only a single BGP session between them. The router-ID values that 
are exchanged when the BGP session is established allow the BGP routers to detect when two 
parallel sessions exist. Only the session that was initiated by the router with the numerically 
higher router-ID will be retained. The other session is dropped. 


A router may not open a BGP session to itself. If the configured neighbor IP address is, in fact, 
an IP address of the local router, the router will recognize the problem and tear down the 
session. The router-ID is also used for this verification. 
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Example 


BGP Neighbor Discovery (Sent) 


Small BGP Network 
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The network displayed in the figure serves as the sample network to generate printouts in the 
following examples. 
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BGP Neighbor Discovery (Cont.) 


Initially, all BGP sessions to the neighbors are idle. 


Rtr-A#show ip bgp summary 
BGP table version is 1, main routing table version 1 


Vv AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRevd 
4 2a) 0 0 0 0 0 never Idle 
4 37 0 0 0 0 0 never Idle 


002G_373 
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The show ip bgp summary command gives an overview of the BGP status. Each configured 
neighbor is listed in the output of the command. The IP address to which the connection 
attempts are directed is also displayed, along with BGP version number, the remote AS 
number, some counter values, the status of the session, and how long ago the session changed 
state. 


The “Idle” state indicates that the router is currently not attempting any connection 
establishments. 


The different states for a BGP connection are Idle, Active, OpenSent, OpenConfirm, and 
Established. 
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Establishing a BGP Session 


This topic explains the BGP session establishment process. 


Establishing a BGP Session 
ee einen 


* TCP session is established when the neighbor becomes 
reachable. 


* BGP Open messages are exchanged. 


Rtr-A#debug ip tcp transactions 
Rtr-A#debug ip bgp events 


2:06:17: BGP: 2.3.4.5 went from Idle to Active 

2:06:22: TCBO012A910 created 

:06:22: TCBO0012A910 setting property 0 12A8B4 

2:06:22: TCBO012A910 bound to 2.3.4.6.11003 

2:06:22: TCP: sending SYN, seq 3142900499, ack 0 

2:06:22: TCPO: Connection to 2.3.4.5:179, advertising MSS 1460 
2:06:22: TCPO: state was CLOSED -> SYNSENT [11003 -> 2.3.4.5(179)] 
2:06:22: TCPO: state was SYNSENT -> ESTAB [11003 -> 2.3.4.5(179)] 
2:06:22: TCPO: Connection to 2.3.4.5:179, received MSS 1460, MSS is 
460 

2:06:22: TCBO012A910 connected to 2.3.4.5.1790:06:22: 

2:06:22: BGP: 2.3.4.5 went from Active to OpenSent 

2:06:22: BGP: 2.3.4.5 went from OpenSent to OpenConfirm 

2:06:22: BGP: 2.3.4.5 went from OpenConfirm to Established 


oooorooooeoe°oe°c°oo 
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Before any connection attempt is made, the BGP peer relation must have left the Idle state and 
entered the Active state. For a BGP session between two routers in different autonomous 
systems, this situation happens when the IP address of the remote router becomes reachable on 
a directly connected interface. 


The debug output shows how the router creates a socket data structure and binds it to its local 
IP address 2.3.4.6 and a high port number 11003. Then the router sends a TCP SYN packet to 
the configured peer router IP address of 2.3.4.5 and the well-known destination port 179. The 
connection attempt succeeds, and the TCP session is now ready to transfer the BGP 
information. 


The first BGP information sent is the BGP Open message. The BGP session now goes from 
Active state to OpenSent state while waiting for the other router to respond. If the peer router 
accepts the parameters in the Open message, it responds with its own Open message. When the 
local router receives this message, the state goes from OpenSent to OpenConfirm. The local 
router now verifies the peer router parameters in its Open message. If they are accepted, a 
keepalive packet is sent to signal this. The state is now “Established.” 
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Establishing a BGP Session (Cont.) 


The BGP Open message contains: 
¢ BGP version number 

¢ AS number of the local router 

° Holdtime 

¢ BGP router identifier 

* Optional parameters 
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The parameters in the BGP Open message are as follows: 


m= Version number: The suggested version number. The highest common version that both 
routers support will be used. Most BGP implementations today use BGP version 4 (BGP4). 


= AS number: The AS number of the local router. The peer router will verify this 
information. If it is not the AS number that is expected, the BGP session is torn down. 


= Holdtime: The number of seconds that may elapse between receptions of successive BGP 
messages. If the time is exceeded, the peer will be considered dead. The two routers will 
agree to use the lowest suggested value. When the session is established, both routers will 
use keepalive messages to make sure that the hold timer does not expire. A suggested hold- 
timer value of 0 indicates that the timer never expires and no keepalives should be sent. 


= BGP identifier: A number uniquely identifying the router. The Cisco router will use one of 
its IP addresses for this number, the router-ID. The router-ID is selected as the numerically 
highest IP address of any loopback interface. If there is no loopback interface, the router 
will use the highest IP address of any interface that is up at the time of the start of the BGP 
process. 


= Optional parameters: Are type, length, value (TLV) encoded. An example of optional 
parameters is session authentication. 
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Establishing a BGP Session (Cont.) 


BGP Neighbors - steady state 
° All neighbors shall be up (no state info). 


Rtr-A#show ip bgp summary 

BGP table version is 10, main routing table version 10 
3 network entries (3/6 paths) using 516 bytes of memory 
3 BGP path attribute entries using 284 bytes of memory 
0 BGP route-map cache entries using 0 bytes of memory 

0 BGP filter-list cache entries using 0 bytes of memory 


Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcvd 
Zoo aio 495215 als) 22) 10 ie} 0 0:01:47 27 
3.4.5. 4 37 i. nbys 10 ie} 0 0:07:07 35 
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After the BGP sessions are in the Established state, routing information exchange can take 
place. The show ip bgp summary command output here indicates that a session is established 
by not displaying any information at all in the “State” column. 


The counter values show how many messages have been received and sent on the session. 
“InQ” shows how many messages have been received but not yet processed. A high InQ 
number indicates lack of CPU resources to process the input. “OutQ” shows how many 
outgoing messages are queued. A high OutQ number indicates lack of bandwidth to transmit 
the outgoing messages or CPU overload of the other router. 


“TblVer” (table version) is used by the BGP router to track the changes that need to be sent to 
the neighbors. There is a major table version number for the local BGP table. The table version 
number is displayed on the first line of output from this show command. There is also one table 
version number maintained for each of the neighbors of the BGP router; this number is 
displayed on the information line of the neighbors. 


Whenever a BGP router enters a change into its BGP table, the major table version number is 
incremented and the changed route is tagged with this number. When the time comes to update 
a specific neighbor, the router scans the BGP table and all changes that it finds where the 
version number is between the neighbor version and the current table version are sent to the 
BGP neighbor in a single BGP routing update. After the entire table is scanned and all changes 
have been sent to the neighbor, the table version number of the neighbor is set to the highest 
value of the routes being sent. 


A table version of a neighbor that is lower than the major table version indicates that the 
neighbor is not yet fully updated. The update interval for a neighbor in another AS is normally 
30 sec (the default value of the BGP advertisement timer). 


In addition to the information about all sessions to all neighbors, the output also shows the 
amount of memory that is being used for the BGP data structures. 
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BGP Keepalives 


This topic explains the role of the BGP keepalive in session establishment and maintenance. 


BGP Keepalives 


* TCP-based BGP session does not provide any 
means of verifying BGP neighbor presence: 


— Except when sending BGP traffic 
« BGP needs an additional mechanism: 


—Keepalive BGP messages provide verification of 
neighbor existence 


—Keepalive messages sent every 60 seconds 


TCP-based BGP sessions do not provide any means of verifying the presence of a BGP 
neighbor. After BGP has established the TCP session, the only method of verifying neighbor 
presence is to actually send BGP traffic. BGP traffic is sent over the TCP session with 
acknowledgments (ACKs), and is therefore reliable. Successfully sending BGP traffic confirms 
the existence of a BGP neighbor. 


However, there are often long periods of time when no BGP traffic is sent between neighbors. 
During those periods, TCP implements no mechanism to check for the existence of the 
configured neighbor. BGP neighbors could therefore easily be disconnected during times of 
session inactivity. This situation would lead to incorrect routing information on the other side 
of the BGP session. 


To avoid routing packets to a router that is no longer there, BGP needs an additional 
mechanism to make sure that a neighbor exists. BGP sends special keepalive messages during 
every keepalive interval to inform its peer of its presence. By default, this interval happens 
every 60 sec. If no BGP traffic is received within the selected holdtime interval, the BGP router 
sends a BGP notification message to the inactive peer and tears down the BGP session between 
them. The default BGP holdtime value is 180 sec. 


When changing the default values of keepalive and holdtime intervals, you must take care not 
to configure too big a keepalive interval in comparison to the holdtime. Too big a difference 
could result in resetting of the BGP session after only one keepalive message has been missed, 
making a network unstable. The suggested ratio of keepalive to holdtime interval is 1:3. 
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BGP Keepalives (Cont.) 


* Keepalive interval value is not communicated in 
the BGP Open message. 


* Keepalive value is selected as a: 
— Configured value, if local holdtime is used 


— Configured value, if holdtime of neighbor is used 
and keepalive < (holdtime / 3) 


— Smaller integer in relation to (holdtime / 3), if 
holdtime of neighbor is used and keepalive > 
(holdtime / 3) 


As opposed to the holdtime interval, BGP peers do not communicate the keepalive interval in 
the Open message. The selection of a keepalive interval is therefore based on the selected 
holdtime value. The selected holdtime value that is used by both peers is the smaller one of 
both configured values. 


The BGP process selects the keepalive interval value using the following steps: 


Step 1 If the locally configured value of holdtime is selected (being the lower of two), the 
peers will use the locally used keepalive interval. 


Step 2 If the holdtime interval of the neighbor is selected, and the locally configured 
keepalive interval is less than a third of the holdtime interval, the peers will use the 
locally configured keepalive. 


Step 3 If the holdtime interval of the neighbor is selected, and the locally configured 
keepalive interval is more than a third of the holdtime interval, the peers will use the 
smaller integer value in relation to (holdtime / 3). 


Example 


If the selected holdtime equals 17 seconds and the configured keepalive equals 10 seconds, the 
(holdtime / 3) rule will be used to select the keepalive value. Therefore, (17 / 3) = 5.67, and the 
keepalive value used by BGP will equal 5 seconds. 
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MD5 Authentication 


This topic describes how Message Digest 5 (MD5) authentication protects a BGP neighbor 
session. 


MD5 Authentication 
_——————————— ee Ent CISCO!CONT Samay 


° BGP peers may optionally use MD5 TCP 
authentication using shared secret. 


* Both routers must be configured with the same 
password (MD5 shared secret). 


* Each TCP segment is verified. 
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Authentication between BGP neighbors can be negotiated between BGP-speaking routers using 
optional parameters in the Open message. If you are using MD5 authentication, every TCP 
segment on the BGP session will be transmitted to the configured neighbor along with a 
checksum. The checksum is calculated together with a secret known by the two routers using 
the MD5 algorithm. The common secret is never transmitted on the network. If the receiver, 
which is using the same common secret, calculates the same checksum from the TCP segment, 
then the receiver can be pretty sure that the information is transmitted from the correct source 
and the information has not been altered. 


Authentication of BGP sessions is a vital tool to avoid denial-of-service (DoS) attacks. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
Cisco 


° With interior routing protocols, adjacent routers are 
usually discovered through a dedicated hello protocol. 
In BGP, neighbors must be manually configured to 
increase routing protocol security. 


BGP neighbors, once configured, establish a TCP 


session and exchange the BGP Open message, which 
contains the parameters each BGP router proposes to 
use. 


BGP keepalives are used by the router to provide 
verification of the existence of a configured BGP 
neighbor. 


MD5 authentication can be configured on a BGP 
session to help prevent spoofing, denial-of-service 
attacks, or man-in-the-middle attacks. 


References 


For additional information, refer to these resources: 


m= For more information on basic BGP, refer to “Border Gateway Protocol” at the following 
URL: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm 


m= For more information on BGP neighbors and session establishment, refer to “Using the 
Border Gateway Protocol for Interdomain Routing” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm 
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Understanding BGP Path 
Attributes 


Overview 


This lesson introduces BGP path attributes and their purpose. The lesson also discusses 
classifications that are used to describe attributes and the properties of each classification. The 
functionality of the AS-path and next-hop attributes are also explained in detail in this lesson. 


Relevance 


To aid routers in calculating the best route to select when multiple paths to a particular 
destination exist, routes that are learned via BGP have properties that are associated with them. 
These properties are referred to as BGP path attributes. An understanding of how BGP path 
attributes influence route selection is required to design robust BGP networks. 


Objectives 


Upon completing this lesson, you will be able to describe BGP path attributes. This includes 
being able to meet these objectives: 


Describe the purpose of BGP path attributes 

Explain the difference between mandatory and discretionary well-known BGP attributes 
Explain the difference between nontransitive and transitive optional BGP attributes 
Describe the functionality of the AS-path attribute 


Describe the functionality of the next-hop attribute 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 
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Outline 


The outline lists the topics included in this lesson. 


Outline 
OE EO ee (Cisco.com 


° Overview 
¢ BGP Path Attributes 
¢ Well-Known BGP Attributes 


° Optional BGP Attributes 
° AS-Path Attribute 

° Next-Hop Attribute 

° Summary 
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BGP Path Attributes 


This topic describes the concept of BGP path attributes. 


BGP Path Attributes 


¢ BGP metrics are called path attributes. 


* BGP attributes are categorized as well-known and 
optional. 


¢ Well-known attributes must be recognized by all 


compliant implementations. 


¢ Optional attributes are recognized only by some 
implementations (could be private); expected not 
to be recognized by everyone. 


Each BGP update consists of one or more IP subnets and a set of attributes that are attached to 
them. Some of the attributes are required to be recognized by all BGP implementations. Those 
attributes are called “well-known BGP attributes.” 


Attributes that are not well-known are called “optional.” These could be attributes that are 


specified in a later extension of BGP or even in private vendor extensions that are not 
documented in a standard document. 
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Well-Known BGP Attributes 


This topic explains the differences between the well-known BGP attributes of mandatory and 
discretionary. 


Well-Known BGP Attributes 


Well-known attributes are divided into 
mandatory and discretionary. 


¢ Mandatory well-known attributes must be present 
in all update messages. 


* Discretionary well-known attributes are optional; 
they could be present in update messages. 


° All well-known attributes are propagated to other 
neighbors. 
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There is a small set of three specific well-known attributes that are required to be present on 
every update. These are the next-hop, AS-path, and origin attributes and are referred to as 
“mandatory well-known attributes.” 


Other well-known attributes may or may not be present depending on the circumstances under 
which the updates are sent and the desired routing policy. The well-known attributes that could 
be present, but are not required, are called “discretionary well-known attributes.” 


When a router receives a BGP update, it will analyze the attached attributes and compare them 
with the attributes that were attached to the same IP subnet when it was received from a 
different source. The router then makes a decision about which source indicates the best path to 
the particular IP subnet. The best route is propagated, along with its well-known attributes, to 
other BGP-speaking neighbors. 
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Well-Known BGP Attributes (Cont.) 
ee ne ee ON CNL men 


Mandatory Well-Known Attributes 
° Origin 
— Specifies the origin of a BGP route 
| Route originated in an IGP 
-e Route originated in EGP 
° ? Route was redistributed into BGP 
* AS-path 


— Sequence of AS numbers through which the network is 
accessible 


° Next-hop 
— IP address of the next-hop router 
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The three mandatory well-known attributes are origin, AS-path, and next-hop. The following 
are descriptions of these three attributes: 


m Origin: When a router first originates a route in BGP, it sets the origin attribute. If 
information about an IP subnet is injected using the network command or via aggregation 
(route summarization within BGP), the origin attribute is set to “i” for IGP. If information 
about an IP subnet is injected using redistribution, the origin attribute is set to “?” meaning 
unknown or incomplete information (these two words have the same meaning). The origin 
code, “e” was used when the Internet was migrating from EGP to BGP and is now obsolete. 


m= AS-path: The egress router modifies the AS-path attribute every time information about a 
particular IP subnet passes over an AS border. When a router first originates a route in 
BGP, the AS-path attribute is empty. Each time that the route crosses an AS boundary, the 
transmitting AS prepends its own AS number to appear first in the AS path. You can track 
the sequence of autonomous systems through which the route has passed by using the AS- 
path attribute. 


m= Next-hop: The router also modifies the next-hop attribute as the route passes through the 
network. This attribute indicates the IP address of the next-hop router—the router to which 
the receiving router should forward the IP packets toward the destination that is advertised 
in the routing update. 
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Well-Known BGP Attributes (Cont.) 
er Riva | 


Discretionary Well-Known Attributes 
¢ Local preference 

— Used for consistent routing policy within AS 
* Atomic aggregate 


—Informs the neighbor AS that the originating 
router aggregated routes 
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Discretionary well-known attributes must be supported by all BGP implementations but do not 
have to be present in all BGP updates. Routers use discretionary well-known attributes only 
when their functions are required. The following are descriptions of these two attributes: 


= Local preference: Local preference is used in the route selection process. This attribute is 
carried within an AS only. The router prefers a route with a high local preference value to a 
route with a low value. By default, routes that are received from a peer AS are tagged with 
the local preference set to a value of 100 before they are entered into the local AS. If this 
value is changed through BGP configuration, the BGP selection process is influenced. 
Because all routers within the AS get the attribute along with the route, a consistent routing 
decision is made throughout the AS. 


m Atomic aggregate: The atomic aggregate attribute is attached to a route that is created as a 
result of route summarization (called “aggregation” in BGP). This attribute signals that 
information that was present in the original routing updates may have been lost when the 
updates were summarized into a single entry. 
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Optional BGP Attributes 


This topic explains the difference between the optional BGP attributes of transitive and 
nontransitive. 


Optional BGP Attributes 
IS ed 


Optional BGP attributes are transitive or 
nontransitive. 


Transitive optional attributes 


* Propagated to other neighbors if not recognized; partial bit 
set to indicate that the attribute was not recognized 


Nontransitive optional attributes 
¢ Discarded if not recognized 
Recognized optional attributes are propagated to 


other neighbors based on their meaning (not 
constrained by transitive bit). 
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When a router receives an update that contains an optional attribute, the router checks to see if 
its implementation recognizes the particular attribute. If it does, then the router should know 
how to handle it and whether to propagate it or not. 


If the router does not recognize the attribute, the BGP implementation should look for the 
transitive bit in the attribute code. Some attributes, although not recognized by the router, might 
still be helpful to upstream routers and should be propagated. These attributes (called 
“transitive optional attributes”) are propagated even when they are not recognized. If a router 
propagates an unknown transitive optional attribute, it will set an additional bit in the attribute 
header, called the “partial bit,” to indicate that at least one of the routers in the path did not 
recognize the meaning of a transitive optional attribute. 


Other attributes, called “nontransitive optional attributes,” might be of no value to upstream 
routers if a router earlier in the path does not recognize them. Routers that do not recognize 
these attributes will drop them. 
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Optional BGP Attributes (Cont.) 


Nontransitive attributes 
e Multi-exit discriminator 


—Used to discriminate between multiple entry 
points to a single autonomous system 


Transitive attributes 
° Aggregator 


— Specifies IP address and AS number of the 
router that performed route aggregation 


* Community 
— Used for route tagging 


BGP v3.1—1-8 


One of the nontransitive optional attributes is the multi-exit discriminator (MED) attribute, 
which also influences the BGP route selection process. Whenever there are several links 
between two adjacent autonomous systems, one AS can use the MED attribute to tell another 
AS to prefer one of the links for specific destinations. 


Transitive optional attributes include the following: 


m= Aggregator: Identifies the AS and the router within that AS that created a route 
summarization, or aggregate. 


= Community: A numerical value that can be attached to certain routes as they pass a 
specific point in the network. The community value can later be examined by other routers 
at different points in the network for filtering or route selection purposes. BGP 
configuration may cause routes with a specific community value to be treated differently 


than others. 
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AS-Path Attribute 


This topic describes the functionality of the BGP AS-path attribute. 


AS-Path Attribute 


* The AS-path attribute is empty when a local route 
is inserted in the BGP table. 


¢ The AS number of the sender is prepended to the 
AS-path attribute when the routing update crosses 
AS boundary. 


° The receiver of BGP routing information can use 
the AS-path attribute to determine through which 
AS the information has passed. 


* An AS that receives routing information with its 
own AS number in the AS path silently ignores the 
information. 


The AS-path attribute is modified by an edge router every time information about a particular 
IP subnet passes over an AS border. When a router first originates a route in BGP, the AS-path 
attribute is empty. The local AS number is prepended to the AS path each time that the route 
crosses an AS boundary. There are several consequences of this behavior: 


m= When you examine BGP routes, the AS path can be interpreted as the sequence of 
autonomous systems that must be passed through in order to reach the indicated network. 
The AS that originally injected the route into BGP is always found at the rightmost end of 
the AS path. 


m™ Itis easy to distinguish local routes from routes that have been received from other 
autonomous systems—BGP routes with an empty AS path were injected into BGP from 
within the local AS. 


The AS-path attribute is also used to avoid routing loops. When a router receives a BGP 
update, it will check the AS-path attribute and look for its own AS number. If it is found in the 
AS path, then the route has already crossed the local AS and the router is now faced with a 
routing information loop. To avoid this situation, the route is silently ignored. 
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Example 


AS-Path Attribute (Cont.) 
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Network=10.0.0.0/8 
AS-path=37 21 123 


002G_037 
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The figure shows how BGP loop prevention works. 


The network 10.0.0.0/8 is local to AS 123. The router in AS 123 injects the route 10.0.0.0/8 
into BGP with an empty AS-path attribute. 


When the routing update about network 10.0.0.0/8 is sent by the edge router in AS 123 to AS 
21, AS number 123 is prepended to the empty AS path, resulting in an AS path consisting of 
only 123. The sending router does the prepending as part of the outgoing BGP update 
processing. While the route is still within AS 123, the AS-path entry for AS 123 will not appear 
in the AS path. 


The router in AS 21 propagates the information about the network 10.0.0.0/8 to AS 37. Because 
it is sending the BGP update to AS 37, it prepends its own AS number to the AS path, resulting 
in an AS path consisting of the sequence of 21 123. 


AS 37 also propagates the received route to AS 123. To avoid a routing loop, where AS 123 
might try to reach its own network (10.0.0.0/8) via AS 37, BGP has a built-in mechanism 
where the router in AS 123 drops the incoming update as soon as it finds its own AS (123), in 
the AS path. No error will be signaled, because nothing is really wrong. It is merely the 
procedure that is used by BGP to avoid a routing information loop. 
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Next-Hop Attribute 


This topic describes the functionality of the next-hop attribute in BGP. 


Next-Hop Attribute 


* Indicates the next-hop IP address used for packet 
forwarding 


* Usually set to the IP address of the sending EBGP 
router 


° Can be set to a third-party IP address to optimize 
routing 


The BGP next-hop attribute identifies the IP address that a router should use to forward packets 
toward the destination that is announced in a BGP routing update. In most cases, the sending 
router sets the next-hop attribute to its own IP address. There are cases, however, where the 
next-hop IP address points to a third router. 
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Example 


Next-Hop Attribute (Cont.) 


Next-hop processing 


Network=21.0.0.0/8 
AS-path=21 


ms, Inc. All rights reserved BGP v3.1—1-15 


The figure shows the usual next-hop processing: 


m= RTR-B announces network 21.0.0.0/8 to RTR-A. The outgoing IP address of RTR-B (the 
address that is used to establish the BGP TCP session) is used as the BGP next hop. 


m RTR-A receives the routing update and installs it in its BGP table and routing table. Should 
RTR-A need to forward packets toward network 21.0.0.0/8, it would send those packets 
toward the IP address 10.0.0.1 (RTR-B). 


m= When RTR-A propagates the information about 21.0.0.0/8 to RTR-C, it sets the BGP next- 
hop attribute to its own IP address. 
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Next-Hop Attribute (Cont.) 


Next-hop processing 
on shared media 


Network=21.0.0.0/8 
AS-path=21 
Next-hop=10.0.0.1 


Network=21.0.0.0/8 
AS-path=123 21 
Next-hop=10.0.0.1 


002G_039 


¢ If the receiving BGP router is in the same subnet as the current next-hop 
address, the next-hop address is not changed to optimize packet forwarding 


Inc. All rights reserved BGP v3.1—1-17 


The next-hop processing changes if the BGP routers connect to a shared subnet. In the figure 
here, if RTR-A announces the network 21.0.0.0/8 to RTR-C with the BGP next-hop address set 


to RTR-A, the packets from AS 37 toward network 21.0.0.0/8 will have to cross the shared 
LAN twice. RTR-A thus sends the routing update toward RTR-C with the BGP next-hop 
address unchanged (still pointing toward RTR-B), allowing optimal data transfer across the 


shared LAN. 


Note More formally, the BGP next-hop rule states that if the current BGP next hop is in the same 
IP subnet as the receiving router, the next-hop address is not changed; otherwise, the next- 


hop attribute is changed to the IP address of the sending router. 
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Next-Hop Attribute (Cont.) 


Next-hop processing 
on NBMA network 


Network=21.0.0.0/8 
AS-path=21 
Next-hop=10.0.0.1 


Network=21.0.0.0/8 
AS-path=123 21 
Next-hop=10.0.0.1 


Connectivity is broken, RTR-C 
cannot reach next hop 10.0.0.1 


¢ BGP next-hop processing can break connectivity with improper network 
designs over partially meshed WAN networks. 
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BGP next-hop processing results in optimum data transfer over shared media (for example, a 
LAN subnet). In partially meshed networks (like Frame Relay), BGP next-hop processing can 
break IP connectivity. Consider, for example, the network diagram above: RTR-A will send a 
routing update about network 21.0.0.0/8 to RTR-C with RTR-B set to the next-hop address (as 
they are all in the same subnet). Because there is no direct connection (virtual circuit) between 
RTR-C and RTR-B, but RTR-C still tries to send packets directly toward RTR-B, the 
connectivity between AS 37 and AS 21 is broken. 


There are two ways to solve the connectivity loss that is introduced by this design: 


m Use the subinterfaces on RTR-A to make sure that RTR-B and RTR-C are in different 
subnets (and BGP next-hop processing would ensure that RTR-A is the BGP next hop in 
the outgoing BGP updates). 


m Disable the BGP next-hop processing on RTR-A in an existing multipoint frame relay 
design that shares a common subnet. (This option is strongly discouraged in normal BGP 
design because routing problems should be solved with a proper network design of point- 
to-point subinterfaces.) 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


isc cory 


¢ BGP metrics attached to a BGP route are called “path 
attributes.” 


Some path attributes are well-known and should be recognized 
by every BGP implementation. Some of the well-known 
attributes are mandatory and have to be present in every BGP 
update. These are AS-path, next-hop, and origin. Other well- 
known attributes are discretionary. 


Attributes that are not required to be recognized by every BGP 
implementation are called “optional.” These attributes could 
be transitive (propagated if not recognized) or nontransitive 
(dropped). 


The AS-path attribute the autonomous systems that the 
routing update has already crossed. This attribute is used for 
BGP loop detection and BGP route selection. 


The next-hop attribute specifies the IP address that is to be 
used for packet forwarding. The next hop is usually set to the 
IP address of the BGP router sending the update. 


Inc. Alll rights reserve BGP v3.1—1-20 


References 


For additional information, refer to this resource: 


m= For more information on BGP attributes, refer to “Border Gateway Protocol” at the 


following URL: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm 
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Processing BGP Routes 


Overview 


This lesson explains the details of processing IP routing information in BGP. It describes how a 
router builds the BGP routing table, how BGP selects the best route, and how BGP routes are 
propagated to other BGP neighbors. The lesson also discusses how a router builds the IP 
routing table when it is using BGP. 


Relevance 


Route processing is fundamental to the operation of BGP. Knowledge of the BGP route 
selection process, route propagation, and how the BGP and IP routing tables are built is key to 
properly configuring BGP and troubleshooting BGP routing issues. 


Objectives 


Upon completing this lesson, you will be able to describe BGP route processing. This includes 
being able to meet these objectives: 


Explain BGP routing updates 

Describe how a router builds BGP tables 

Explain BGP route selection criteria 

Describe BGP route propagation 

Describe how a router builds an IP routing table when it is using BGP 
Describe how BGP advertises local networks 


Describe the role of automatic summarization in BGP route processing 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 
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Outline 


The outline lists the topics included in this lesson. 


Outline 
_ OE EO Cisco.com 


° Overview 
° Receiving Routing Updates 
* Building the BGP Table 


* BGP Route Selection Criteria 
* BGP Route Propagation 

° Building the IP Routing Table 
* Advertising Local Networks 

* Automatic Summarization 

° Summary 
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Receiving Routing Updates 


This topic explains BGP routing updates. 


Receiving Routing Updates 


Small BGP Network 


37.0.0.0/8); 


The network that is displayed in the figure serves as the sample network for generating 
printouts in the following examples. 
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Receiving Routing Updates (Cont.) 


Information from the BGP tables is exchanged after 
adjacency establishment. 


Rtr-A#debug ip bgp update 
2:24:11: BGP: 2.3.4.5 rcv UPDATE about 37.0.0.0 255.0.0.0, next hop 
-3.4.5, path 21 37 metric 0 
:24:11: BGP: 2.3.4.5 rcv UPDATE about 1.0.0.0 255.0.0.0 -- denied 
2:24:11: BGP: 2.3.4.5 rcv UPDATE about 21.0.0.0 255.0.0.0, next hop 
.3.4.5, path 21 metric 0 
:24:11: BGP: nettable walker 21.0.0.0/255.0.0.0 calling revise route 
:24:11: BGP: revise route installing 21.0.0.0/255.0.0.0 -> 2.3.4.5 


0026_010 
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After a BGP session is established, routing updates start to arrive. Each BGP routing update 
consists of one or more entries (routes). Each route is described according to the IP address and 
subnet mask along with any number of attributes. The next-hop, AS-path, and origin attributes 
must always be present. Other BGP attributes are optionally present. 


The debug output shows how information about network 37.0.0.0/8 is received from neighbor 
2.3.4.5. The neighbor indicates that IP packets to destination IP addresses in network 37.0.0.0/8 
can be forwarded to the next-hop address 2.3.4.5. The AS path 21 37 indicates that the final 
destination is in AS 37 but the packets have to pass through AS 21 in order to get there. The 
metric is the MED value. 


Network 21.0.0.0/8 also has the next-hop address of 2.3.4.5, but the AS path of 21 indicates 
that that network is inside the directly connected AS 21. 


Network 1.0.0.0/8 is denied. The reason is not obvious from the debug output, but the network 
topology information indicates that network 1.0.0.0 is local to (inside) AS 123. AS 123 has 
advertised the network to AS 37, which propagates to AS 21 and returns back to AS 123. This 
information loop is detected by the content in the AS-path attribute. The receiving router 
detects its own AS number in the AS path and silently discards (denies) the route. 


1-52 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Building the BGP Table 


This topic explains how a router that is enabled for BGP builds a BGP routing table. 


Building the BGP Table 
Re fe > eam 


All inbound updates are placed into the BGP table. 


Rtr-A#show ip bgp 

BGP table version is 16, local router ID is 1.2.3.4 

Status codes: s suppressed, h history, * valid, > best, i - internal 
Origin codes: i- IGP, e- EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight 
‘| ‘ ce) 32768 


0026_011 
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All routes that are received from a neighbor are saved in the router memory. Therefore, there is 
no need to retransmit or refresh any unchanged information. 


When there is more than one way to reach a particular network, the local router selects one of 
those as the best. If that alternative is later lost because the neighboring router withdraws the 
route (or the neighboring router is no longer reachable), the remaining alternatives are still 
stored in memory and a new alternative is selected as the best without involving other BGP 
routers. 


The show ip bgp router command gives an overview of all routing information received from 
all neighbors. The command will display basic information about each route on a single line. 
The output is sorted—different alternatives to reach the same network are displayed on 
consecutive lines. The network number is displayed only on the first lines indicating the same 
network. The network column is left blank on the consecutive lines indicating alternatives to 
reach the same network. 


The router selects only one of the alternatives as the best path toward the destination. This 
alternative is indicated with the “>” sign. 
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BGP Route Selection Criteria 


This topic explains the route selection process in BGP. 


BGP Route Selection Criteria 


Pe ORRIN | 


Exclude routes with inaccessible next hop 

Prefer highest weight (local to router) 

Prefer highest local preference (global within AS) 
Prefer routes that the router originated 

Prefer shortest AS path (only length is compared) 


Prefer lowest origin code (IGP < EGP < Incomplete) 
Prefer lowest MED 

Prefer external (EBGP) paths over internal (IBGP) 

For IBGP paths, prefer path through closest IGP neighbor 
For EBGP paths, prefer oldest (most stable) path 

Prefer paths from router with the lowest BGP router-ID 
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When a router has more than one alternative route to reach the same IP subnet (network and 
mask), the router has to select one of them as best in its default mode of operation. In order to 
make this selection, the router uses the BGP attributes that are attached to the different updates. 
The selection criteria are checked in the order that is indicated in the following steps. The first 
of the checks that indicates a difference is used, and no further testing is done. 


Step 1 


Step 2 


Step 3 


Step 4 


Step 5 


The router checks if the next-hop attribute indicates an IP address that is reachable 
according to the current routing table. It is not necessary to have a direct connection 
to the next hop. It can very well be several router hops away and the route to it 
learned by the IGP. If the next hop is not reachable, the router does not consider the 
BGP route as a candidate to become selected as the best. 


The router prefers the route with the higher weight. The weight is not carried with 
the updates; it is a value that is assigned to the route by the local router and 
considered only within the router itself. 


If the local preference attributes are different, the route with the highest value is 
selected best. 


If one of the routes is injected into the BGP table by the local router, the local router 
prefers it to any routes that it receives from other BGP routers. 


At this point, the lengths of the AS paths are compared (the content is not checked; 
only the number of autonomous systems in each AS path is counted). The route with 
the shortest length is selected. 


1-54 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Step 6 


Step 7 


Step 8 


Step 9 


Step 10 


Step 11 


If the AS-path lengths are the same, the origin code is checked. BGP will prefer the 
path with the lowest origin type: IGP is lower than EGP, and EGP is lower than 
Incomplete. 


The router next compares MED values but only if it receives the updates from the 
same neighboring AS. Routes with a lower MED are preferred. 


At this point it is clear that the destination network is outside the local AS and that 
there is not much difference between the alternatives. Because the IP packets to the 
destination network must leave the AS, it is better that they do so as quickly as 
possible. If any of the alternatives are received from a BGP peer in another AS, that 
alternative is preferred. 


If the router receives all alternatives from peer routers in the local AS, each of them 
will indicate an exit point, and the closest exit is used. Distance to the exit point is 
calculated by comparing the IGP costs against the BGP next hops, as indicated in the 
routing table. 


If the router receives all alternatives from External Border Gateway Protocol 
(EBGP) neighbors, the most stable path (the oldest path) is preferred. 


If the router still cannot differentiate the routes, it nevertheless has to make a 
decision and select the best route. It checks the BGP sessions on which it received 
the updates and chooses the route that was received on the session for which the peer 
router has the lowest BGP router-ID. 


The router makes the final test only after it has made all other checks and determined that all 
alternative routes are equally good. 
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Example 


BGP Route Selection Criteria (cont) 


Best routes to the destination networks are selected 
from the BGP table. 


asl123#show ip bgp 

BGP table version is 4, local router ID is 1.2.3.4 

Status codes: s suppressed, h history, * valid, > best, i - internal 
Origin codes: i- IGP, e- EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight 
*> 1.0.0.0 0.0.0.0 32768 
> 22 20,050 3.8.5. 100 
* 2.3.48: fe) 

3.4 100 
255 fe) 


*> 37.0.0.0 
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In this example, the router in AS 123 can reach network 21.0.0.0/8 via two paths; the first one 
is via neighbor 3.4.5.6 in AS 37 and then to AS 21, and the second path is straight to AS 21 
through neighbor 2.3.4.5. In this example, the weight is set to 100 for the path via AS 37, and 
the other alternative path does not have the weight set. Thus, when checked against BGP path 
selection rules, the route via AS 37 is selected as the best because it has a higher weight 
attribute. 


Likewise, network 37.0.0.0/8 is reached via AS 37 because the weight indicates that it is the 
best route. 
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BGP Route Propagation 


This topic describes how a router propagates BGP routes to other BGP neighbors. 


BGP Route Propagation 
I 


Best BGP routes are propagated to BGP 
neighbors. 


asl123#debug ip bgp update 

1:24:16: BGP: 3.4.5.6 computing updates, neighbor version 15, table 
version 16, starting at 0.0.0.0 

1:24:16: BGP: 3.4.5.6 send UPDATE 21.0.0.0 255.0.0.0, next 3.4.5.7, 
metric 0, path 123 21 

1:24:16: BGP: 3.4.5.6 1 updates enqueued (average=45, maximum=45) 
1:24:16: BGP: 3.4.5.6 update run completed, ran for 4ms, neighbor 
version 15, start version 16, throttled to 16, check point net 0.0.0.0 


0026_013 
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A local router propagates only the route that it selected as best to the neighbors. However, the 
router never sends a route back on the same BGP session upon which it was received. On the 
contrary, when it selects a neighbor as the best next hop, the router makes sure that the 
neighbor is not pointing back to the local router; it accomplishes this task by “poisoning” the 
route (marking the route unreachable) and sending a withdraw message to that neighbor. 


The router conducts route poisoning to avoid a potential routing loop problem in which a 
neighbor router selected as the best next hop might rely on the local router as the best next hop. 


The process where routing information is not sent back to the source of information is called 
split horizon. 
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Building the IP Routing Table 


This topic explains the process of building an IP routing table from the BGP table and from 
other sources of routing information such as IGPs. 


Building the IP Routing Table 
ee a LER es | 


Best BGP routes are copied into the IP routing 
table based on administrative distance. 


as123#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
El - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
i - IS-IS, Ll - IS-IS level-1, L2 - IS-IS level-2, *candidate 
default 


Gateway of last resort is not set 


-0.0.0 is directly connected, LoopbackO 
-0.0.0 is directly connected, Seriall 
-0.0.0 is directly connected, Serial0O 
1.0.0.0 [20/0] via 3.4.5.6, 00:02:06 
7.0.0.0 [20/0] via 3.4.5.6, 00:02:06 


1 
2 
3 
2 
3 
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The route in the BGP table that BGP selects as the best is a candidate for installation in the IP 
forwarding, or routing, table. 


Before a route can be installed, the router has to check if there is any other routing protocol that 
has information about the same subnet (network and mask). If the subnet is known via different 
sources, the router uses the administrative distance (AD) to determine which source to use. AD 
is a rating of the trustworthiness of a routing information source. AD is often expressed as a 
numerical value between 0 and 255. The higher the value means the lower the trustworthiness 
rating. In this case, the router will install the route with the lowest AD. 


The output from the show ip route command indicates which routes in the routing table were 
installed using the BGP information. Those routes are denoted with the letter “B.” The AD is 
shown in the command output as the first number within the brackets. 


In this example, both networks 21.0.0.0/8 and 37.0.0.0/8 are reachable via 3.4.5.6. After the 
router has installed the routes in the routing table, user data traffic starts to be forwarded. 
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Advertising Local Networks 


This topic discusses how BGP advertises local networks. 


Advertising Local Networks 


¢ BGP router process keeps a list of local networks 
(defined with network command or through 
redistribution). 


* BGP process periodically scans the IP routing 
table and inserts or revokes routes from the BGP 
routing table based on their presence in the IP 
routing table. 


The BGP routing process can inject new routes in the BGP table. A router will propagate newly 
injected routes to neighboring BGP peers if it selects them as best, giving neighboring 
autonomous systems information about networks that are reachable in the local AS. This 
process is called advertising, originating, or announcing, local routes. 


The BGP process can inject local routes in two different ways: 


m A list of networks is configured on the router under the BGP router process using the 
network configuration command. The networks listed are candidates for being injected. 
Networks are injected only if they appear in the routing table. In the case where the IGP 
that is used within the AS finds a valid path to them, the routes will be in the routing table. 


m= Routes that are learned by another routing protocol are redistributed. The IGP that is used 
with the AS can also act as a source of routing information about local networks. 
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Example 
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Advertising Local Networks ont) 


BGP route is revoked after the network is removed 
from the routing table. 


1 
1 
1 
1 
1 
at 
1 
1 
4 
aes 


is 


ace 
33: 
33: 
33: 
33 
33: 
SIS3e 
33: 
33: 


as123# debug ip routing 

as123# debug ip bgp update 

%LINEPROTO-5-UPDOWN: Line protocol on LoopbackO changed state to down 
34: 
234: 
234: 
234: 
234: 
234: 
234: 
2:34: 
334: 
, Stare 


jRuNs 
RT: 
RT: 


BGP: 
BGP: 
BGP: 
BGP: 
BGP: 
BGP: 
version 5, throttled to 5, check point net 0.0.0.0 
BGP: 


interface LoopbackO removed from routing table 

del 1.0.0.0 via 0.0.0.0, connected metric [0/0] 

delete network route to 1.0.0.0 
route down 1.0.0.0 255.0.0.0 

no valid path for 1.0.0.0 255.0.0.0 

nettable walker 1.0.0.0/255.0.0.0 no best path selected 
2.3.4.5 send UPDATE 1.0.0.0 255.0.0.0 -- unreachable 
2.3.4.5 1 updates enqueued (average=25, maximum=25) 

2.3.4.5 update run completed, ran for 4ms, neighbor version 


3.4.5.6 send UPDATE 1.0.0.0 255.0.0.0 -- unreachable 


002G_015 
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In this example, network 1.0.0.0/8 is directly connected to interface LoopbackO. The route to 
1.0.0.0/8 has been previously installed in the BGP table because it was listed with a network 
statement and it was in the routing table as directly connected. When the Loopback0O interface 
goes down, the router removes the directly connected route from its routing table. Because the 
route no longer exists in the routing table, it must also be removed from the BGP table. 


Because there has been a change in the BGP table, the BGP neighbors must be informed. The 
router sends a BGP update message to both neighbors indicating that network 1.0.0.0/8 is now 


unreachable. 
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Advertising Local Networks (Cont.) 


BGP route is advertised after the network appears 
in the routing table. 


1:36:42: RT: add 1.0.0.0 255.0.0.0 via 0.0.0.0, connected metric [0/0] 
1:36:42: RT: interface LoopbackO added to routing table 

1:36:42: BGP: route up 1.0.0.0 255.0.0.0 

1:36:42: BGP: nettable walker 1.0.0.0/255.0.0.0 route sourced locally 
%SLINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0O, changed state 
to up 

1:36:43: BGP: 2.3.4.5 computing updates, neighbor version 5, table 
version 6, starting at 0.0.0.0 

1:36:43: BGP: 2.3.4.5 send UPDATE 1.0.0.0 255.0.0.0, next 2.3.4.6, 
metric 0, path 123 

1:36:44: BGP: 2.3.4.5 1 updates enqueued (average=50, maximum=50) 
1:36:44: BGP: 2.3.4.5 update run completed, ran for 4ms, neighbor 
version 5, start version 6, throttled to 6, check point net 0.0.0.0 


002G_016 
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In this example, network 1.0.0.0/8 is listed with a network statement in the BGP process. 
However, the network was not in the routing table of the router, so the network was not injected 
into its BGP table. 


Later, the LoopbackO interface comes back up again. This reappearance means that the network 
1.0.0.0/8 is now in the routing table as a directly connected route. As a result, the router will 
once again inject the 1.0.0.0/8 network into its BGP table, and subsequently update its 
configured neighbors. 
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Automatic Summarization 


This topic describes the role of automatic summarization in BGP route processing. 


Automatic Summarization 


¢ Automatic summarization is enabled by default. 
¢ Enable automatic summarization when: 


— Summarization of IGP-to-BGP redistributed 
routes to major network boundary required 


— Using classful network command to summarize 
subnets to a major network boundary 


¢ Disable automatic summarization when: 


— Summarization on IGP-to-BGP redistribution is 
not desired 


— Using classless variant of the network command 


When a BGP router is configured to locally announce routes into BGP, the behavior of the 
network command varies depending on whether automatic summarization is enabled or 
disabled. When automatic summarization is enabled, BGP summarizes the locally originated 
BGP networks (network x.x.x.x) to their classful boundaries. Automatic summarization is 
enabled by default in BGP. 


When a subnet exists in the routing table and the following three conditions are satisfied, then 
any subnet (component route) of that classful network in the local routing table will prompt 
BGP to install the classful network into the BGP table: 


m™ A classful network statement for that network exists in the routing table. 
m™ A classful mask has been configured on that network statement. 


= Automatic summarization is enabled. 


When automatic summarization is disabled, the routes that are introduced locally into the BGP 
table are not summarized to their classful boundaries. 


The behavior of the redistribution procedure in BGP is also influenced by the configuration of 
automatic summarization on the router. When enabled, all redistributed subnets will be 
summarized to their classful boundaries in the BGP table. When disabled, all redistributed 
subnets will be present in their original form in the BGP table. 


Enable automatic summarization in BGP when the summarization of subnets to their classful 
boundaries will not introduce flawed information into the BGP table. In other words, leave 
automatic summarization enabled only when you are using a fully assigned classful network 
matching the network that was summarized in BGP. 
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Whenever possible, use the classless variant of the network command, specifying the subnet 
mask length of the network. When you are redistributing networks into BGP, the preferred 
method is to disable automatic summarization. Disabling automatic summarization ensures that 
correct information is inserted into the BGP table of the router. 


Example 


Automatic Summarization (eon) 


router# show ip route 


197.1.1.0 255.255.255.0 is variably subnetted, 2 subnets, 2 masks 
oO 197.1.1.64 255.255.255.224 [110/129] via 172.16.1.5, 00:02:44, Serial0/0.1 
° 197.1.1.49 255.255.255.255 [110/129] via 172.16.1.5, 00:02:44, Serial0/0.1 


002G_172 


One subnet and one host route for 197.1.1.0 exists in the routing table. 
Automatic summarization is enabled for BGP. 


BGP has been configured to locally announce 197.1.1.0. 


router# show ip bgp 

BGP table version is 4, local router ID is 172.16.0.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 
*> 197.1.1.0 0.0.0.0 te) 32768 i 
*> 200.20.0.0/16 150.1.0.2 0 0 456 20 i 
*> 204.56.0.0/16 150.1.0.2 i?) 0 456 i 
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Classful network summary is inserted into BGP table. 


When you are inserting networks into the BGP table with the classful network command and 
automatic summarization is disabled, no insertion into the BGP table will occur unless an exact 
match exists in the IP routing table (meaning a classful network has to be present in the IP 
routing table). 


When automatic summarization is enabled, the major network command will summarize all 
subnets in the IP routing table to their major network boundary. 


In this example, one subnet and one host route of the major class C network 197.1.1.0/24 
(197.1.1.64/27 and 197.1.1.49/32) exist in the routing table. There is a classful network 
command, and automatic summarization is enabled for BGP. This setup results in the insertion 
of a classful network summary into the BGP table, instead of separate subnets. 


Subnet 197.1.1.64/27 and host route 197.1.1.49/32 were summarized during insertion into the 
BGP table to the classful network 197.1.1.0/24. This action occurred because a classful 
network command and automatic summarization were configured on the router. If automatic 
summarization were disabled, no insertion into the BGP table would occur at all. 


The locally sourced summary has all the attributes of a locally sourced BGP route (next 
hop=0.0.0.0, weight=32768, empty AS-path list), and is marked as having an IGP origin (being 
sourced with the network command). 
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Automatic Summarization (Cont.) 
————————— ee eee 


router# show ip route 


172.16.0.0 255.255.0.0 is variably subnetted, 5 subnets, 2 masks 

° 172.16.1.0 255.255.255.252 [110/128] via 172.16.1.5, 00:36:35, Serial0/0.1 

° 172.16.0.2 255.255.255.255 [110/65] via 172.16.1.5, 00:36:35, Serial0/0.1 
172.16.0.3 255.255.255.255 [110/129] via 172.16.1.5, 00:36:35, Serial0/0.1 
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One subnet and two host routes for 172.16.0.0 exist in the routing table. 


Automatic summarization is enabled for BGP. 


BGP has been configured to redistribute OSPF into BGP. 


router# show ip bgp 

BGP table version is 8, local router ID is 172.16.0.1 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 
*> 172.16.0.0 0.0.0.0 te) 32768 ? 
*> 200.20.0.0/16 150.1.0.2 0 0 456 20 i 
*> 204.56.0.0/16 150.1.0.2 0 0 456 i 
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Classful network summary is inserted into BGP table. 
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In this example, automatic summarization is enabled, resulting in the summarization of 
redistributed subnets to their classful boundaries. Subnet 172.16.1.0/30 and the two host routes 
172.16.0.2/32 and 172.16.0.3/32 will be summarized into the single class B network 
172.16.0.0/16. The network 172.16.0.0/16 is a locally sourced summary with all the attributes 
of a locally sourced BGP route (next hop=0.0.0.0, weight=32768, empty AS-path list). The 
origin of the route is marked as incomplete because the route is sourced through redistribution. 


If automatic summarization were disabled, more specific routes would be present in the BGP 
table instead of the summary prefix 172.16.0.0/16. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
isc cr 


After BGP sessions are established between BGP routers, 
they can start exchanging routing updates. 


All updates that are received from BGP neighbors are stored 
in the BGP table, regardless of whether they are used. 


The route selection process takes into account various BGP 
attributes that are attached to the route, as well as local 


decisions (indicated with weights). 


Only the best BGP routes are propagated to other BGP 
routers. 


Only the best BGP routes are installed in the local IP routing 
table. 


Every BGP router can also originate the routes in BGP. The 
routes to be originated are entered manually in the BGP 
routing process, or redistributed into BGP from an IGP. 


Automatic summarization is enabled by default in BGP. 


References 


For additional information, refer to these resources: 


m= For more information on BGP route processing, refer to “Border Gateway Protocol” at the 
following URL: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm 


m= For more information on BGP neighbors and session establishment, refer to “Using the 
Border Gateway Protocol for Interdomain Routing” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm 
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Configuring Basic BGP 


Overview 


This lesson introduces the Cisco IOS commands that are required to configure a router for basic 
BGP operation. Included are the commands that are used to enable the BGP routing protocol 
process, establish neighbors, and advertise local routes. This lesson concludes with basic 
commands that network administrators can use to monitor the BGP configuration. 


Relevance 


Basic BGP configuration is critical to any successful BGP implementation. Network 
administrators use the Cisco IOS commands that are included in this lesson in all BGP 
implementations. Thorough knowledge of the commands in this lesson is therefore crucial to 
ensuring a successful implementation using BGP. 


Objectives 


Upon completing this lesson, you will be able to identify Cisco IOS commands that are 
required to configure a router for BGP. This includes being able to meet these objectives: 


Identify the Cisco IOS command that is required to configure the BGP routing process 
Identify the Cisco IOS commands that are required to configure BGP neighbors 


Identify the Cisco IOS commands that are required to configure the basic timers that are 
used in BGP 


Identify the Cisco IOS command that is required to configure MD5 authentication for BGP 
Identify the commands that are required to announce local networks in BGP 


Describe BGP route redistribution and identify the commands that are required to configure 
BGP route redistribution 


Describe the classless behavior of BGP and identify the Cisco IOS command that is 
required to configure BGP for classless operation 


Describe BGP route aggregation and identify the Cisco IOS commands that are required to 
configure basic BGP route aggregation 


Determine when BGP route aggregation is not appropriate in multihomed topologies 
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Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
——— ee CICOYCO 1 | 


° Overview 

* BGP Routing Process 

° Configuring External Neighbors 
* Configuring BGP Timers 

* Configuring MD5 Authentication 
* Announcing Networks in BGP 

* Redistributing Routes into BGP 
° Configuring Classless BGP 

* Aggregating BGP Networks 

* Multihomed Customer Problem 


ry 


- Summa 
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BGP Routing Process 


This topic identifies the command that is required to initially configure the BGP routing 
process on a Cisco IOS router. 


BGP Routing Process 
I 


router (config) # 


router bgp as-number 


* Starts BGP routing. 
¢ Get your AS number from American Registry for 
Internet Numbers ( ) or Réseaux IP 


Européennes ( ). 

¢ Use private AS numbers (64512 — 65535) if you run 
BGP in a private network. 

¢ Only one BGP routing process per router is allowed. 


router bgp 
To configure the BGP routing process, use the router bgp global configuration command. 


™ router bgp as-number 


To remove a routing process, use the no form of this command. 


™ no router bgp as-number 


Syntax Description 


Parameter Description 


as-number Number of an AS that identifies the router to other BGP routers, 


and tags the routing information that is passed along 


This command starts the BGP routing process in the router. There can be, at most, one BGP 
process in a router. It must be assigned the local AS number. 


The AS number is a 16-bit unsigned integer number. It must uniquely identify the AS among 
all routers that are exchanging BGP routing information, either directly or indirectly. This 
means that the AS numbers are required to be unique when BGP information is exchanged with 
the Internet. 
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The AS number can be a public AS number (ranging from 1 to 64511) that is assigned by an 
Internet registry (American Registry for Internet Numbers [ARIN]: www.arin.net or Réseaux 
IP Européennes [RIPE]: www.ripe.net), or a private AS number (ranging from 64512 to 
65535). Private AS numbers will never be propagated onto the public Internet. 
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Configuring External Neighbors 


This topic lists the commands that are required to configure external BGP neighbors on a Cisco 
router. 


Configuring External Neighbors 


router (config-router) # 


neighbor ip-address remote-as as-number 


° Defines an external neighbor. 
* External neighbor has to be reachable over directly 
connected subnet. 


router (config-router) # 


neighbor ip-address description neighbor description 


* Assigns a description to an external neighbor. 


BGP v3.1—1-4 


BGP does not automatically discover neighbors. They have to be explicitly configured. The 
local router will try to connect to the indicated IP address and also accept incoming connection 
attempts from the indicated IP address. 


The first attribute that you must configure with a new neighbor is the remote AS number in 
which the neighbor is taking part. When the TCP session is established between BGP routers, 
the configured remote AS number will be verified by each router with the exchange of BGP 
Open messages. 


You may optionally configure other attributes with the neighbor. Do this on successive 
configuration lines, referring to the same neighbor IP address but indicating different attributes. 
With the neighbor description command, a description (text string) can be entered that 
describes the neighbor. 
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neighbor remote-as 


To add an entry to the BGP neighbor table, use the neighbor remote-as router configuration 


command. 


m neighbor {ip-address | peer-group-name} remote-as number 


To remove an entry from the table, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} remote-as number 


Syntax Description 


Parameter 


ip-address 


Description 


IP address of neighbor 


peer-group-name 


Name of a BGP peer group 


number 


neighbor description 
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To associate a description with a neighbor, use the neighbor description router configuration 


command. 


AS to which the neighbor belongs 


m neighbor {ip-address | peer-group-name} description text 


To remove the description, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} description text 


Syntax Description 


Parameter 


ip-address 


Description 


IP address of neighbor 


peer-group-name 


Name of a BGP peer group 


text 


Text (up to 80 characters) that describes the neighbor 
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Configuring External Neighbors (Cont) 


To temporarily disable a BGP neighbor: 


router (config-router) # 


neighbor ip-address shutdown 


* Disables communication with a BGP neighbor 
° Use scenarios: 
— Debugging and troubleshooting 
— Shutdown of the neighbor during extensive 
modification of routing policies to prevent 
inconsistent routing data 


neighbor shutdown 
To disable a neighbor, use the neighbor shutdown router configuration command. 


m neighbor {ip-address | peer-group-name} shutdown 


To re-enable the neighbor or peer group, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} shutdown 


Syntax Description 


Parameter Description 
ip-address IP address of neighbor 
peer-group-name Name of a BGP peer group 
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Configuring BGP Timers 
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This topic lists the commands that are required to modify the default keepalive and holdtime 
timers in BGP for the BGP process or for the TCP session between BGP neighbors. 


Configuring BGP Timers 
fd 


router (config-router) # 


timers bgp keepalive holdtime 


¢ Changes the default values of BGP timers per BGP process. 
¢ Only the holdtime value is communicated in the BGP Open 
message. 


* Smallest configured holdtime value on BGP peers is used by 
both peers. 


router (config-router) # 


neighbor [ ip-address/peer group name ] timers keepalive holdtime 


* Changes the default values of BGP timers per specific neighbor 
or peer group. 
* Overrides the bgp settings of the timers. 


Changing the BGP default holdtime and keepalive timers is usually not recommended. The 
defaults (keepalive: 60 sec; holdtime: 180 sec) should work fine in most situations. If for any 
reason a faster BGP response to a peer down event is needed (for example, in scenarios where 
multiple paths toward destinations are available), the neighbor timers on the router can be 
reduced. This reduction will result in a faster detection of a lost peer and faster switching to the 
alternate path in the BGP table, thus improving convergence. 


A BGP router with an expired holdtime (no BGP traffic was received within the holdtime 
interval) will send a notification to its BGP peer, notifying it as to the reason for closing the 
session. The BGP router on which the holdtime has expired moves the inactive peer into the 
“Tdle” state. After a certain time interval, determined by auto-enable and connection timers, a 
BGP router again tries to reconnect to the previously disconnected BGP peer and will also 
accept connection attempts from that peer. 
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timers bgp 
To adjust BGP network timers, use the timers bgp router configuration command. 


m= timers bgp keepalive holdtime 

To reset the BGP timing defaults, use the no form of this command. 
= no timers bgp keepalive holdtime 

Syntax Description 


Parameter Description 


keepalive Frequency (in seconds) with which the Cisco IOS software sends 
keepalive messages to its peer. The default is 60 sec. 


holdtime Interval (in seconds) after not receiving a keepalive message that 
the software declares a peer dead. The default is 180 sec. 


neighbor timers 


To set the timers for a specific BGP peer or peer group, use the neighbor timers router 
configuration command. This command overrides the values that have been set by the timers 
bgp command. 


m neighbor [ip-address | peer-group-name] timers keepalive holdtime 


To clear the timers for a specific BGP peer or peer group, use the no form of this command. 


= no neighbor [ip-address | peer-group-name] timers keepalive holdtime 


Syntax Description 


Parameter Description 

ip-address IP address of neighbor 

peer-group-name Name of a BGP peer group 

keepalive Frequency (in seconds) with which the Cisco IOS software sends 


keepalive messages to its peer. The default is 60 sec. 


holdtime Interval (in seconds) after not receiving a keepalive message that 
the software declares a peer dead. The default is 180 sec. 
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Configuring MD5 Authentication 


This topic presents the command that is required to configure MD5 authentication on a session 
between BGP neighbors. 


Configuring MD5 Authentication 
a fC 


router (config-router) # 


neighbor ip-address password string 


* Enables Message Digest 5 authentication ona 
specific BGP session. 
* Password string on both routers must match. 


BGP v3.1—1-7 


neighbor password 


To enable MD5 authentication on a TCP connection between two BGP peers, use the neighbor 
password router configuration command. 


m= neighbor {ip-address | peer-group-name} password string 


To disable this function, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} password 


Syntax Description 


Parameter Description 

ip-address IP address of neighbor 

peer-group-name Name of a BGP peer group 

string Case-sensitive password of up to 80 characters. The first 


character cannot be a number. The string can contain any 
alphanumeric characters, including spaces. You cannot specify a 
password in the format “number-space-anything.” The space after 
the number causes problems. 
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Announcing Networks in BGP 


This topic lists the Cisco IOS commands that are required to announce local networks to other 
BGP neighbors. 


Announcing Networks in BGP 


Only administratively defined networks are 
announced in BGP. 


* Manually configure networks to be announced. 
* Use redistribution from IGP. 
* Use aggregation to announce summary prefixes. 


BGP v3.1-1-8 


Before any local routing information can be injected by a router into its BGP table for 
advertising to other BGP routers, some basic configuration is required. 


There are two different ways to do this configuration: 


m= List the network numbers that are candidates to be advertised. Do this with the network 
configuration command. If any of the listed networks are reachable by the local router, 
according to its routing table, then the network is injected as a route into the BGP table. 


= Redistribute routing information that has been learned by other routing protocols into the 
BGP table. You can use the IGP that is used within the AS. Any route that is known by the 
local IGP can be injected into the BGP table using route redistribution between the IGP and 
BGP on the local router. 


A router can also introduce new routing information into the BGP table by summarizing routes 
already there. This activity is called route aggregation and also requires configuration. 


Any route that is introduced by the router into the BGP table will appear as a new route. The 
AS-path attribute for such a route will be empty, indicating a local route. The AS path changes 
later as the route passes AS boundaries. 
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Announcing Networks in BGP (Cont.) 


router (config-router) # 


(no) auto-summary 


* Enables or disables summarization of networks prior 
to insertion into the BGP table: 
— Locally inserted networks 
(using the network command) 
— Redistributed routes 
° Enabled by default 
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When the router is configured to locally announce routes into BGP, the behavior of the 
network command varies depending on whether automatic summarization is enabled or 
disabled. When automatic summarization is enabled, the command summarizes locally 
originated BGP networks to their classful boundaries. By default, automatic summarization is 
enabled for BGP. 


When a subnet exists in the routing table and the following three conditions are satisfied, then 
any subnet (component route) of that classful network in the local routing table will prompt 
BGP to install the classful network into the BGP table: 


m™ A classful network statement for that network exists in the routing table. 
m™ A classful mask has been configured on that network statement. 


= Automatic summarization is enabled. 


When automatic summarization is disabled, the routes that are introduced locally into the BGP 
table are not summarized to their classful boundaries. 


The BGP auto-summary command is also responsible for the behavior of the redistribution 
procedure in BGP. When the command is enabled, all redistributed subnets will be summarized 
to their classful boundaries in the BGP table. When it is disabled, all redistributed subnets will 
be present in their original form in the BGP table. 
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Announcing Networks in BGP (Cont.) 


To manually define a major network: 


router (config-router) # 


network major-network-number 


* Allows advertising of major networks into BGP. 


° At least one of the subnets must be present in the 
routing table. 


* Behavior is dependent on the presence of the 
auto-summary command. 


* The meaning of network command in BGP is 
completely different from any other routing protocol. 
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To specify the networks to be advertised by the BGP routing process, use the network router 
configuration command. To remove an entry, use the no form of this command. 


Note The meaning of the network command in BGP is radically different from the way that the 
command is used in other routing protocols. In all other routing protocols, the network 
command indicates interfaces over which the routing protocol will be run. In BGP, it 
indicates only which routes should be injected into the BGP table on the local router. Also, 
BGP never runs over individual interfaces; it is run over TCP sessions with manually 
configured neighbors. 


The network command with no mask option uses the classful approach to insert a major 
network into the BGP table. At least one subnet of the specified major network needs to be 
present in the IP routing table to allow BGP to start announcing the major network as a BGP 
route. If automatic summarization is disabled, an exact match is required. 
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Announcing Networks in BGP (Cont.) 


router (config-router) # 


network major-network-number route-map route-map-name 


* The addition of the route-map option allows network 
parameters to be modified before you enter them into 
the BGP table. 


* The route-map option can be used for: 


— Changing the weight value of a locally sourced route 
— Tagging sourced routes with BGP communities 

— Setting the local preference for a specific network 

— Changing the value of the MED for a specific network 
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When the router is configured to insert routes in the BGP table, the default attributes of locally 
sourced routes can be modified with the inclusion of the route-map option in the basic 
network command. 


The attached route-map can change the following attributes of locally sourced networks with 
the network command: 


= Weight (default value=32768): The weight attribute is a special Cisco attribute that is 
used in the path selection process when there is more than one route to the same 
destination. Because weight is considered before local preference in BGP route selection, 
locally sourced routes are always preferred, unless the weight value is modified. 


= Community (default value=nonexistent): Used for tagging routes at their source. 
= Local preference (default value=100): Used for AS-wide BGP best-path selection. 


= MED (default value=0): Used for return-path selection in topologies, where multiple exit 
points to the same neighbor AS exist. 


Example 


If a subnet existing in the routing table is 75.75.75.0 mask 255.255.255.0, and network 75.0.0.0 
is configured under the router bgp command (assuming automatic summarization is enabled), 
BGP will introduce the classful network 75.0.0.0 mask 255.0.0.0 in the BGP table. If the 
following three conditions are not all met, then BGP will not install any entry in the BGP table 
unless there is an exact match in the IP routing table: 


m™ A classful network statement for the network exists in the routing table. 
m™ A classful mask has been configured on that network statement. 


= Automatic summarization is enabled. 
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Redistributing Routes into BGP 


This topic describes route redistribution in BGP and identifies the Cisco IOS commands that 
are required to configure BGP route redistribution. 


Redistributing Routes into BGP 


* Easier than listing networks in BGP process in 
large networks. 


* Redistributed routes carry origin attribute 
“incomplete”. 


° Always filter redistributed routes to prevent route 
leaking. 


¢ Avoid in service provider environments. 


There are two alternatives for injecting local routes into the BGP table: list them using the 
network command or redistribute them. Listing the routes gives you total control over 
networks that could possibly be advertised by BGP. This is a very desirable option for 
multihomed customers or ISPs. On the other hand, this approach requires a lot of configuration 
commands that could be hard to maintain. 


If there are a lot of networks to be advertised, and BGP is used primarily to achieve scalability, 
not routing security (for example, in enterprise networks), it could be easier to let the local IGP 
find the routes and then redistribute them into BGP. However, this approach introduces the risk 
that the IGP may find some networks that are not supposed to be advertised. Private network 
numbers, such as network 10.0.0.0/8, are often used within an AS for various reasons but must 
never be advertised out to the Internet. Careful filtering must be done to prevent unintentional 
advertising. 


When the router injects a route that is listed with a network command into its BGP table, the 
origin code is set to “IGP.” If the route is injected into the BGP table through redistribution, the 
origin code is set to “unknown/incomplete.” 
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Redistributing Routes into BGP (Cont) 


Simple IGP-to-BGP Redistribution 

* Configure redistribution in BGP process 
* Configure route-filter using distribute-list 
* Caveat: 


—BGP routes originated through redistribution have 
incomplete origin 


router (config) # router bgp <AS> 

router (config-router) # redistribute <IGP> 

router (config-router)# distribute-list <ACL> out <IGP> 
router (config-router)# exit 

router (config)# access-list <ACL> permit <network> 
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Routes redistributed into BGP will carry the origin attribute “incomplete”. In most cases this 
situation does not jeopardize BGP functionality. It could pose a problem if the route selection 
process has to decide on the best route toward a particular destination based on the MED 
attribute. In the case of receiving two routes, one with the “IGP” origin (inserted with the 
network command), and another one with the “incomplete” origin, the first route would always 
be selected, no matter what value that the MED attribute is set to (according to the BGP route 
selection rules). 


redistribute (IP) 


To redistribute routes from one routing process into another routing process, use the 
redistribute router configuration command. 


™ redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] 
[match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight 
weight] [subnets ] 


To disable redistribution, use the no form of this command. 


™ no redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] 
[match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight 
weight] [subnets] 
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Syntax Description 


Parameter 


protocol 


Description 


Source protocol from which routes are being redistributed. It can 
be one of the following keywords: bgp 


process-id 


(Optional) For bgp, egp, or igrp, this is an AS number, which is a 
16-bit decimal number. 


For isis, this is an optional tag that defines a meaningful name for 
a routing process. You can specify only one Intermediate 
System-to-Intermediate System (IS-IS) process per router. 
Creating a name for a routing process means that you use names 
when configuring routing. 


For ospf, this is an appropriate OSPF process ID from which 
routes are to be redistributed. This ID identifies the routing 
process. This value takes the form of a nonzero decimal number. 


For rip, no process ID value is needed. 


level-1 For IS 
level-1-2 For IS 
level-2 For IS 


metric metric-value 


(Optional) Metric that is used for the redistributed route. If a value 
is not specified for this option, and no value is specified using the 
default 


match {internal | 
external 1 | external 


2} 


(Optional) For OPSF, the criteria by which OSPF routes are 
redistributed into other routing processes. It can be one of the 
following: 


m internal: Routes that are internal to a specific AS. 


m external 1: Routes that are external to the AS but are 
imported into OSPF as a type 1 external route. 


m external 2: Routes that are external to the AS but are 
imported into OSPF as a type 2 external route. 


route-map 


(Optional) The route-map should be interrogated to filter the 
importation of routes from this source routing protocol to the 
current routing protocol. If not specified, all routes are 
redistributed. If this keyword is specified, but no route-map tags 
are listed, no routes will be imported. 


map-tag 


(Optional) Identifier of a configured route-map. 


weight weight 


(Optional) Network weight when you are redistributing into BGP. 
An integer from 0 to 65535. 


subnets 


Indicates that not only networks with a natural mask should be 
redistributed but also subnets. 
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distribute-list out (IP) 


To suppress networks from being advertised in updates, use the distribute-list out router 
configuration command with routing-process specified. 


m distribute-list {access-list-number | access-list-name} out [interface-name | routing- 
process | autonomous-system-number] 

To cancel this function, use the no form of this command. 

# no distribute-list {access-list-number | access-list-name} out [interface-name | routing- 


process | autonomous-system-number] 


The access-list referred to by the distribute-list command permits those routes that should be 


redistributed. 
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Redistributing Routes into BGP (Cont) 


Redistribution Using Route-Maps 
* Origin can be set to “IGP” with a route-map 
¢ Other BGP path attributes can also be set: 
— Metric 


— Next-hop 


— Community 


router (config)# router bgp <AS> 

router (config-router)# redistribute <IGP> route-map intoBGP 
router (config-router)# exit 

router (config) # route-map intoBGP permit 

router (config-route-map) # match ip address <ACL> 

router (config-route-map)# set origin igp 

router (config-route-map) # exit 

router (config) # access-list <ACL> permit <network> 
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Route-maps can be configured on the router to filter updates and modify various attributes. A 
configured route-map can be applied to routes being redistributed from the IGP. 


Only the routes permitted by the route-map will be redistributed. Using the set command in the 
route-map, you can modify specific path attributes that are attached to the redistributed routes. 
Thus, only selected routes will be advertised, and they will have the desired attribute values. 


The route-map must be given a name. This name is a case-sensitive string, which is used when 
you are referring to it. Any string could be used, but a meaningful name is suggested. 


Use the route-map global configuration command and the match and set route-map 
configuration commands to define the conditions for redistributing routes. Each repetition of 
the route-map command has a list of match and set commands that are associated with it. The 
match commands specify the match criteria—the conditions under which redistribution is 
allowed for the current route-map command. The set commands specify the set actions—the 
particular redistribution actions to perform if the criteria enforced by the match commands are 
met. 


When you are passing routes through a route-map, it can have several parts. Any route that 
does not match at least one match clause relating to a route-map command will be ignored; 
that is, the route will not be advertised. If you want to modify only some data, you must 
configure a second route-map section with an explicit match specified. 
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Configuring Classless BGP 


This topic describes the classless behavior of BGP and the command that is required to 
advertise a classless BGP supernet prefix. 


Configuring Classless BGP 


* BGP4 supports classless interdomain routing 
(CIDR). 


¢ Any BGP router can advertise individual networks 
or supernets (prefixes). 


¢ Prefix notation is used with BGP instead of subnet 
masks. 


— 192.168.0.0/16 = 192.168.0.0 255.255.0.0 
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BGP4 is a classless protocol, meaning that its routing updates include IP address and the subnet 
mask. The combination of the IP address and the subnet mask is called an IP prefix. An IP 
prefix can be a subnet, a major network, or a supernet. 


BGP uses prefix notation (address/number of bits) to display IP prefixes. The number following 
the slash, “/”, in the 192.168.0.0/16 notation in the figure is referring to the number of bits in 
the subnet mask being set to 1. The subnet mask 255.255.0.0 starts with 16 consecutive bits set 
to 1, and the rest of the bits set to zero. 


As another example, the subnet 172.16.1.0 with mask 255.255.255.0 can be written using the 
prefix notation as 172.16.1.0/24. 


When classless prefix notation is used, an old class A network, for example, 10.0.0.0, with the 
natural mask, is written as 10.0.0.0/8. A class B network, 172.17.0.0 with natural mask, is 
written as 172.17.0.0/16, and a class C network, 192.168.1.0 with natural mask, is written as 
192.168.1.0/24. 
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Configuring Classless BGP (Cont.) 


To manually announce a classless prefix in BGP: 


router (config-router) # 


network ip-prefix-address mask subnet-mask 


* Configures a classless prefix to be advertised 
into BGP. 

° The prefix must exactly match an entry in the IP 
routing table. 

* Use a static route to null 0 to create a matching prefix 
in the IP routing table. 


To advertise classless networks into BGP (a subnet or a supernet), you can use the network 
command with the mask keyword and the subnet mask specified. When an exact match is not 
found in the IP routing table (for example, when you are creating a summary or when you are 
advertising only a part of your address space), a matching prefix has to be manually configured 
on the router in the form of a static route pointing to the null 0 interface; otherwise, the 
advertisement will not succeed. 


network (BGP) 


To specify the networks to be advertised by the BGP routing process, use the network router 
configuration command. 


= network network-number [mask network-mask] 


To remove an entry, use the no form of this command. 


= no network network-number [mask network-mask] 


Syntax Description 


Parameter Description 

network -number Network that BGP will advertise 
mask (Optional) 

network-mask (Optional) Network mask address 


If the keyword mask and the subnet mask are omitted, the network is assumed to have its 
natural mask according to the network class. In this case, the route will still be injected into the 
BGP table on the router if there is any subnet of the major network that is reachable according 
to the routing table. 
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If the network mask is specified, the behavior changes slightly and it is required that an exact 
match of network number and subnet mask appear in the routing table before the route is 
injected into the BGP table. 
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Example 


Configuring Classless BGP (Cont) 


To advertise a supernet prefix: 


* Advertise prefix 192.168.0.0/16 assigned to the 
Internet service provider. 


router (config)# router bgp 123 

router (config-router) # network 192.168.0.0 mask 255.255.0.0 
router (config)# exit 

router (config)# ip route 192.168.0.0 255.255.0.0 null O 


002G_019 


In this example, the IP address space 192.168.0.0/16 is assigned to a service provider, and the 
service provider would like that address space to be constantly advertised by BGP. The 
network command with the mask option tells BGP that 192.168.0.0/16 is a candidate for being 
advertised. The mask keyword and the mask 255.255.0.0 are required because the mask is not 
the natural one. 


However, before the candidate route is actually advertised, the router checks the routing table 
for an exact match (both network number and mask). It will always be found because there is a 
static route for it. This static route points to the null interface, which is always available. 


The conclusion is that 192.168.0.0/16 will always be advertised by this router. All other BGP 
routers will use this information and forward any IP packets with the destination IP address in 
the interval 192.168.0.0 to 192.168.255.255 (inclusive) in the direction of this router. 


When those packets arrive, the router, in this example, must have more explicit routes to the 
different parts of the 192.168.0.0/16 address range. This need could be answered by the IGP, 
which is not shown in the configuration example. 


If, however, an IP packet arrives with a destination address to which this router does not have a 
more explicit route, the static route will route the packet to the null interface, where it is 
dropped. This routing is a safety precaution that will prevent a routing loop, which might occur 
when route summaries are used in combination with default routing. If, for example, a packet 
arrives from the Internet to a subnet of 192.168.0.0/16, which is currently not reachable, the 
packet might otherwise follow the default route toward the Internet because there is no more 
explicit route. Of course, the packet will immediately be routed back again, and a routing loop 
will occur. 
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Aggregating BGP Networks 


1-90 


This topic describes route summarization in BGP. It also lists the configuration commands that 
are required to configure summary routes in BGP. 


Aggregating BGP Networks 


Summarization is called “aggregation” 
in BGP. 


* Aggregation creates summary routes (called 
“aggregates”) from networks already in BGP table. 


¢ Individual networks can be announced or 
suppressed. 
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When the BGP table is already populated with routes that should be summarized, you must 
configure a router to do so. The summarization of BGP routes is called “aggregation.” 


Use aggregation when a group of more specific routes has been injected into the BGP table at 
one stage but can be summarized at a later stage. The routes to be summarized could be IGP 
routes that have been redistributed into BGP. Before BGP advertises these routes to the rest of 
the network, an aggregation of the subnets into a larger announcement would be appropriate. 


In some networks, more specific routes are injected into the BGP table by some routers, and 
aggregation is done in another router or even in another AS. This is called “proxy aggregation.” 


When a router is configured to do aggregation, you must configure the route summary. If any 
route that is already in the BGP table is within the range that is indicated by the summary, then 
the summary route is also injected into the BGP table on the route and advertised to other 
routers. This action creates more information in the BGP table. To get any benefits from the 
aggregation, you must suppress the more specific routes that are covered by the route summary. 
This suppression is an option to the aggregate configuration command. 


When you suppress the more specific routes through configuration, they are still present in the 
BGP table of the router doing the aggregation. However, because the routes are marked as 
suppressed, they are never advertised to any other router. 
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Aggregating BGP Networks (Cont.) 


router (config-router) # 


aggregate-address address-prefix mask 


* Specify aggregation range in BGP routing process. 


¢ The aggregate will be announced if there is at least 
one network in the specified range in the BGP table. 


¢ Individual networks will still be announced in 
outgoing BGP updates. 
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In this configuration command syntax, where the keyword summary-only is not used, both the 
route summary and the more specific routes will be advertised. This approach is generally not 
desirable. Therefore, the suppressing of individual routes, described next, is used in most cases. 


aggregate-address 


To create an aggregate entry in a BGP routing table, use the aggregate-address router 


configuration command. 


™ aggregate-address address mask [as-set] [summary-only] [suppress-map map- 
name ]|[advertise-map map-name] [attribute-map map-name] 


To disable this function, use the no form of this command. 


™ no aggregate-address address mask [as-set] [summary-only] [suppress-map map- 


name ][advertise-map map-name] [attribute-map map-name] 


Syntax Description 


Parameter Description 
address Aggregate address 
mask Aggregate mask 


summary -only 


(Optional) Suppresses more specific routes 
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Aggregating BGP Networks (Cont.) 


An alternative method to configure aggregation 


router (config-router) # 


aggregate-address address-prefix mask summary-only 


° Configure aggregation of BGP routes 
° Advertise only the aggregate and not the individual 
networks 


Benefits: 
¢ Smaller BGP routing tables 
* More stable internetworks (less route flapping) 


Drawbacks: 
¢ Problems with multihomed customers 
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When the summary-only option is used, only the route summary will be advertised, not the 
more specific routes. 


One of the benefits of this approach is that the rest of the routers will receive only one route 
instead of many more specific routes. It eases the burden on the other routers by reducing the 
amount of memory that is required to hold the BGP table. 


Another benefit is that route flapping is reduced. The router doing the aggregation will keep on 
advertising the aggregate as long as there is at least one specific route within the range still 
available. If one of the more specific routes is lost, but at least one remains, the aggregate itself 
will not be lost. The flap of the more specific route is not visible to the rest of the network. This 
approach reduces the amount of updates necessary and the CPU power that is required to 
process them. 


However, all route summarization in any routing protocol causes a loss of granularity (that is, 
lack of more detail network or subnet visibility). Suboptimal routing could be introduced when 
redundant paths are available to reach a group of networks that are advertised by a single route 
summary. Some of the networks could be more reachable via one of the paths, while others 
may be more reachable another way. From outside the immediate network, multiple paths may 
not be visible because only summary routes are advertised. Therefore, there is a risk that the 
least optimum path will be chosen. 
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Example 


Aggregation Example 


Classless BGP Sample Configuration 
¢ Advertise prefix 192.168.0.0/20. 


* Aggregate networks in 192.168.16.0/20 and 
announce individual networks. 


° Aggregate networks in 192.168.32.0/20 and suppress 
individual network announcements. 


router (config)# router bgp 123 

router (config-router)# network 192.168.0.0 mask 255.255.240.0 

router (config-router)# aggregate-address 192.168.16.0 255.255.240.0 

router (config-router)# aggregate-address 192.168.32.0 255.255.240.0 summary-only 
router (config-router)# exit 

router (config)# ip route 192.168.0.0 255.255.240.0 null 0 
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The configuration example in the figure shows three different ways of advertising a route 
summary: 


m The prefix 192.168.0.0/20 is always advertised. It is injected into the BGP table as a 
summary. The network statement makes it a candidate for being advertised. Because the 
mask is specified, an exact match in the routing table is a required condition before the 
route is injected into the BGP table. The matching route is inserted in the IP routing table 
by the static ip route statement to the null 0 interface. 


m The prefix 192.168.16.0/20 is conditionally advertised. It is injected into the BGP table 
whenever there is a more specific route within the route summary range that is already in 
the BGP table. However, the more specific route is still advertised. 


m The prefix 192.168.32.0/20 is also conditionally advertised. It is injected into the BGP table 
whenever there is a more specific route within the route summary range that is already in 
the BGP table. However, any more specific routes are suppressed and not advertised to any 
neighbors. 
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Aggregation Example (Cont.) 


Viewing the BGP Table 


asl123#show ip bgp 

BGP table version is 16, local router ID is 1.2.3.4 

Status codes: s suppressed, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 
1.0.0.0 0 ie} 32768 i 
21.0.0.0 37 


37.0.0.0 


192.168.0.0/20 
192.168.16.0/20 
192.168.16.0 
192.168.17.0 
192.168.32.0/20 
192.168.32.0 
192.168.33.0 


CODVDVDVDDONWNWO 


COCKCCOCOW WHO 
oooocooookuUbUO 


COC0CCCOOUNAUD 
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The show ip bgp command prints the BGP table. As shown in the figure, all three prefixes are 
injected: 


m= The prefix 192.168.0.0/20 is always injected. 


m The prefix 192.168.16.0/20 is injected because there is at least one more specific route 
within the summary range. In this case, both 192.168.16.0/24 and 192.168.17.0/24 are 
within the range. Nothing is changed with the more specific routes, so they are still 
advertised. 


m The prefix 192.168.32.0/20 is injected because there is at least one more specific route 
within the summary range. In this case, both 192.168.32.0/24 and 192.168.33.0/24 are 
within the range. The more specific routes are marked as suppressed using the lowercase 
letter “s.” The “s” means that they are still present and available in the BGP table of the 
router, but they are not advertised on any BGP session. 


Note Because the prefixes 192.168.16.0/24, 192.168.17.0/24, 192.168.32.0/24, and 
192.168.33.0/24 all have natural masks as applied to class C networks, the prefix length is 
not displayed in the show ip bgp printout. The network mask is, however, stored in the BGP 
table and sent on any BGP update. 
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Aggregation Example (Cont.) 


Debugging BGP Updates 


Router#debug ip bgp updates 

1:36:43: BGP: 2.3.4.5 send UPDATE : -0.0 255.255.240.0, next 2.3.4.6, 
metric 0, path 123 

1:36:43: BGP: 2.3.4.5 send UPDATE 7 -16.0 255.255.255.0, next 2.3.4.6, 
metric 0, path 123 

1:36:43: BGP: 2.3.4.5 send UPDATE : -17.0 255.255.255.0, next 2.3.4.6, 
metric 0, path 123 

1:36:43: BGP: 2.3.4.5 send UPDATE : -16.0 255.255.240.0, next 2.3.4.6, 
metric 0, path 123 

1:36:43: BGP: 2.3.4.5 send UPDATE : -32.0 255.255.240.0, next 2.3.4.6, 
metric 0, path 123 
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The debug output shows the BGP updates that have been sent to a neighbor. All three route 
summary prefixes, 192.168.0.0/20, 192.168.16.0/20, and 192.168.32.0/20, are included in the 
updates. Also, the nonsuppressed more explicit routes, 192.168.16.0/24 and 192.168.17.0/24, 
are included in the update. However, the suppressed more explicit routes, 192.168.32.0/24 and 
192.168.33.0/24, are never sent as updates on the BGP session. 
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Multihomed Customer Problem 


This topic describes a situation in which route aggregation in BGP is not appropriate. 


Multihomed Customer Problem 


Alternate Provider 


Multihomed 
Customer 
Rest of the Internet 


Primary Provider 
(aggregating) 


* Customer prefers primary provider using alternate only as 
backup. 


¢ Primary provider advertises the aggregate. 
¢ Alternate provider advertises individual network. 
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In this example, the primary provider is doing aggregation of 192.1.0.0/16 before sending it to 
the rest of the network. This situation means that the primary provider is also doing proxy 
aggregation for the route 192.1.1.0/24 that is advertised by the multihomed customer. The rest 
of the Internet will not see the route 192.1.1.0/24 via the primary provider. 


The multihomed customer also advertises 192.1.1.0/24 to the alternate provider. In this case, 

the provider does not do any aggregation of any routes starting with 192.1 (and should not do 
so). This situation means that the alternate provider will propagate 192.1.1.0/24 to the rest of 
the Internet. 
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Multihomed Customer Problem (Cont.) 


Alternate Provider 


192.1.1.0/24 ) =| 192.1.1.0/24 
Multihomed J a 
[ata 


Customer __ = 
7 Rest of the Internet 
ZK] 


192.1.1.0/24 192.1.0.0/16 


Primary Provider 
(aggregating) 


002G_023 


Customer prefers primary provider using alternate only as 
backup. 


Primary provider advertises the aggregate. 
Alternate provider advertises individual network. 
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The rest of the Internet now sees overlapping routes. It sees 192.1.1.0/24 as reachable via the 
alternate provider and 192.1.0.0/16 as reachable via the primary provider. These two routes are 
treated as different routes. They are not compared with each other in a route selection process 
because they indicate different destinations. Because the router views them as different 
destinations, both routes will be injected into the routing table. 


If a packet arrives with a destination address in the 192.1.1.0/24 network, the rest of the 
Internet will follow the “longest matching prefix” rule and forward the packet to the alternate 
provider. 


To avoid this, the primary provider must turn off aggregation. If the primary provider does so, 
the rest of the Internet will see 192.1.1.0/24 both ways. And, because exactly the same route 
(network and mask) is reachable two ways, route selection processing starts. Depending on the 
attribute values, the rest of the Internet could be advised to use the primary provider instead of 
the alternate one. 


However, turning off aggregation will also cause the primary provider to advertise all routes 
within the aggregate, and all benefits of aggregation will be lost. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
ee ee Scone | 


* The BGP process in a Cisco router is started with the 
router bgp command. 


When you are configuring BGP neighbors, you must 
specify the neighbor IP address and the remote AS 
number. 


The BGP keepalive and holdtime timers can be changes 
for the BGP process or on a per-neighbor basis. 


Message Digest 5 authentication can be used to secure a 
connection between two BGP neighbors. 


Local networks are announced in BGP by listing them 
with the network command or by redistributing them with 
the redistribute command. The network command can be 
used to announce any IP prefix. If you use the classless 
version of the network command, a matching route has to 
reside in the IP routing table. 
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Summary (Cont.) 


* Care must be taken when you are redistributing 
routes from an IGP so that unwanted routes are not 
injected into BGP. 


There are cases where routes that are already in the 
BGP table have to be summarized. This process is 
called “aggregation” in BGP and is configured with 
the aggregate-address command. 


BGP route aggregation is performed to reduce the 
size of the routing table and to make networks more 
stable so that the flap of an IP prefix within the 
aggregate will not cause the whole aggregate to flap. 


BGP route aggregation is not appropriate in 
multihomed topologies. 
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References 


For additional information, refer to this resource: 


m= For more information on basic BGP configuration, refer to “Border Gateway Protocol” at 
the following URL: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm 


Next Steps 
For the associated lab exercise, refer to the following section of the course Lab Guide: 
m Lab Exercise 1-1: Initial Lab Setup 
m Lab Exercise 1-2: Configuring Basic BGP 
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Monitoring and 
Troubleshooting BGP 


Overview 


This lesson introduces the different Cisco IOS commands that are available for monitoring and 
troubleshooting basic BGP configurations. The commands that are required to monitor the 
status of BGP, neighbor connections, and the BGP table are discussed. The lesson also 
discusses techniques for troubleshooting the most common BGP session startup issues. 


Relevance 


BGP monitoring commands are important to ensuring that basic BGP configurations are 
operating correctly. If basic BGP configurations are not functioning as expected, BGP 
troubleshooting skills are critical to successful problem resolution. 


Objectives 


Upon completing this lesson, you will be able to identify Cisco IOS commands to monitor BGP 
configurations and troubleshoot BGP sessions. This includes being able to meet these 
objectives: 


m Identify the Cisco IOS command that is required to monitor the status of the BGP routing 
process 


m Identify the Cisco IOS command that is required to monitor BGP neighbors 

m= Identify the Cisco IOS commands that are required to monitor the BGP table 

m Identify the Cisco IOS commands that are required to perform basic BGP debugging 
m List common BGP session startup problems 

m= Troubleshoot basic BGP session startup problems when the neighbor is not reachable 
m= Troubleshoot basic BGP session startup problems when the neighbor is not configured 


m= Troubleshoot basic BGP session startup problems when an AS number mismatch exists 
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Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
— eS ci] 


° Overview 

* Monitoring Overall BGP Routing 
* Monitoring BGP Neighbors 

* Monitoring the BGP Table 


* Debugging BGP 

° BGP Session Startup Problems 
* BGP Neighbor Not Reachable 

* BGP Neighbor Not Configured 
* BGP AS Number Mismatch 

° Summary 
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Monitoring Overall BGP Routing 


This topic presents the command that is used to monitor the overall status of the BGP routing 
protocol process. 


Monitoring Overall BGP Routing 


router> 


show ip bgp summary 


* Displays BGP memory use, and BGP neighbors and 
the state of communication with them 


Fred#show ip bgp summary 

BGP table version is 8, main routing table version 8 
network entries (8/12 paths) using 832 bytes of memory 
BGP path attribute entries using 576 bytes of memory 
BGP route-map cache entries using 0 bytes of memory 
BGP filter-list cache entries using 0 bytes of memory 
received paths for inbound soft reconfiguration 


AS MsgRevd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 
80 81 0 01:15:51 2 
81 ce) ce) 0 00:00:15 Active 
82 ie} ie} 0 02:15:23 Idle 


BGP v3.1—1-3 


This command is a very useful one when you are troubleshooting BGP. The output in the figure 
provides a short summary of the status of the BGP process in the router. 


The first section of the output describes the BGP table and its content: 


= The “BGP table version” is the version number of the local BGP table. This number is 
increased every time that the table is changed. 


m= The “main routing table version” shows the last version of the BGP database that was 
injected into the main routing table. 


m The subsequent lines of text indicate the amount of memory that has been allocated to hold 
the table. These lines of text display how many networks are known and how many 
different paths and attribute values are associated with them. 
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The second section of the output is a table in which the current neighbor statuses are shown. 
There is one line of text for each neighbor that has been configured. The columns are as 


follows: 

m IP address of the neighbor as configured in the local router 

= BGP version number that is used by the router when communicating with the neighbor 

m= AS number of the remote neighbor 

m= Number of messages and updates that have been received from the neighbor since the 
session was established 

m= Number of messages and updates that have been sent to the neighbor since the session was 
established 

m Version number of the local BGP table that has been included in the most recent update to 
the neighbor 

m= Number of messages that are waiting to be processed in the incoming queue from this 
neighbor 

= Number of messages that are waiting in the outgoing queue for transmission to the 
neighbor 

m= How long the neighbor has been in the current state and the name of the current state (the 


state “Established” is not printed out, so no state name indicates “Established”) 


You can use this information to verify that BGP sessions are up and established. If they are not, 
you will have to further investigate the BGP configuration to locate the problem. You can also 


verify the IP address and AS number of the configured BGP neighbor with the show ip bgp 
summary command. 


If the session is “Established,” the number of messages that have been sent and received, as 

displayed in the output of the show ip bgp summary command, can indicate BGP stability. 

Use the command a few times, with a time interval between the printouts, and calculate how 
many messages have been exchanged during that period. 


A large number of messages in the incoming queue indicates a lack of CPU resources in the 


local router. A large number of messages in the outgoing queue indicates a lack of bandwidth to 


the remote router or a lack of CPU resources in the remote router. 


show ip bgp summary 
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To display the status of all BGP connections, use the show ip bgp summary EXEC command. 


= = show ip bgp summary 


Syntax Description 


This command has no arguments or keywords. 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Copyright © 2004, Cisco Systems, Inc. 


Monitoring BGP Neighbors 


This topic presents the Cisco IOS command that is used to monitor BGP neighbors. 


Monitoring BGP Neighbors 
_——— et ea ae 


router> 


| show ip bgp neighbors ip-address 


* Displays detailed neighbor information 


Fred#show ip bgp neighbors 1.2.0.1 
BGP neighbor is 1.2.0.1, remote AS 213, external link 
Index 3, Offset 0, Mask 0x8 
BGP version 4, remote router ID 10.1.1.1 
BGP state = Established, table version = 11, up for 01:23:05 
Last read 00:00:05, hold time is 180, keepalive interval is 60 seconds 
Minimum time between advertisement runs is 30 seconds 
Received 92 messages, O notifications, O in queue 
Sent 92 messages, O notifications, 0 in queue 
Connections established 1; dropped 0 
Last reset never 
No. of prefix received 2 
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You can use this command for two different purposes. The general purpose, as shown in the 
figure, is to get information about the TCP session and the BGP parameters of the session. All 
BGP session parameters are displayed. In addition, TCP timers and counters are also displayed. 


The other use is not shown in this example. If any of the optional qualifiers referring to routes 
or paths are given, the BGP routing information that was sent or received on this session will be 
displayed. This feature is useful when you are troubleshooting path selection. 
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show ip bgp neighbors 


To display information about the TCP and BGP connections to neighbors, use the show ip bgp 
neighbors EXEC command. 


m= show ip bgp neighbors [address] [received-routes | routes | advertised-routes | {paths 
regular-expression} | dampened-routes] 


Syntax Description 


Parameter Description 

address (Optional) Address of the neighbor whose routes you have 
learned from. If you omit this argument, all neighbors are 
displayed. 

received-routes (Optional) Displays all received routes (both accepted and 
rejected) from the specified neighbor. 

routes (Optional) Displays all routes that are received and accepted. 
This is a subset of the output from the received-routes keyword. 

advertised-routes (Optional) Displays all the routes that the router has advertised to 
the neighbor. 

paths regular- (Optional) Regular expression that is used to match the paths 

expression received. 

dampened-routes (Optional) Displays the dampened routes to the neighbor at the 


IP address specified. 
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Monitoring the BGP Table 


This topic lists the Cisco IOS commands that are used to monitor the BGP routing table. 


Monitoring the BGP Table 


ert ne OREN 


router> 


| show ip bgp 


* Displays all routes in the BGP table in summary 
format 


Fred#show ip bgp 
BGP table version is 11, local router ID is 12.1.2.3 


Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 
*> 10.0.0. 1.2.0. 500 0 213 i 
* 1000 213 i 
*> 11.0.0. 500 213 i 
* 1000 0 213 i 

fe) i 

ce) 0 387 i 


Oo 
*> 12.0.0. 
*> 14.0.0. 


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 


In most cases, when the show ip bgp command is given without optional qualifiers, the entire 
BGP table is displayed. An abbreviated list of information about each route is displayed, one 


line per prefix. The output is sorted in network number order. Therefore, if the BGP table 


contains more than one route to the same network, the routes are displayed on successive lines. 
The network number is printed on the first of these lines only. The following lines, which are 


referring to the same network, have the network number field left blank. 


Some, but not all, of the BGP attributes that are associated with the route are displayed on the 
line. Next-hop, MED (displayed as “Metric”), local preference, and weight each have their own 


columns. The AS-path attribute is displayed as the sequence of AS numbers in the “Path” 


column. Immediately following the AS path, but not part of the AS-path attribute, the origin 


attribute is displayed. The lowercase letter “i” means IGP, “e” means EGP, and “?” means 


incomplete or unknown. 


The BGP path selection will select one of the available routes to each of the networks as the 


best. This route will be pointed out by the character “>” in the left column. 


BGP Overview 
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show ip bgp 
To display entries in the BGP routing table, use the show ip bgp EXEC command. 
m= = show ip bgp [network] [network-mask] [longer-prefixes] 


Syntax Description 


Parameter Description 

network (Optional) Network number, which is entered to display a 
particular network in the BGP routing table 

network-mask (Optional) Displays all BGP routes matching the address and 
mask pair 

longer-prefixes (Optional) Displays the network and its more specific networks or 
prefixes. 


Monitoring the BGP Table Ss, 


router> 


show ip bgp ip-prefix [mask subnet-mask] 


* Displays detailed information about all paths fora 
single prefix 


Advertising router router-ID 


Advertising router IP address 


Fred#show ip bgp 11.0.0.0 
BGP routing table entry for 11.0.0.0/8, version 5 
Paths: (2 available, best #1, advertised over EBGP) 
213 
1.2.0.1 from 1.2.0.1 (10.1.1.1) 
Origin IGP, metric 500, localpref 100, valid, external, best 


-1.0.1 from 1.1.0.1 (1f.0.0.1) 
Origin IGP, metric 10N0, localpref 100, valid, external 


Other BGP attributes 
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If more information and the complete set of BGP attributes are required, the show ip bgp 
command should be entered with the network number on the command line. This command 
displays all relevant BGP information about that specific network. 


In this example, the information about network 11.0.0.0 is displayed. There are two different 
routes to 11.0.0.0. One is received from neighbor 1.2.0.1 and the other from 1.1.0.1. 


The BGP route selection process has selected the route via 1.2.0.1 as the best. This is thus the 
route that BGP will try to install in the routing table. Installation of routes in the routing table is 
made based on the AD. 
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Debugging BGP 


This topic lists the Cisco IOS commands that are used to perform debugging of basic BGP 
configurations. 


Debugging BGP 


router# 


debug ip tcp transactions 


* Displays all TCP transactions (start of session, 
session errors, etc.) 


router# 


debug ip bgp events 


* Displays significant BGP events (neighbor state 
transitions, update runs) 
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If a BGP session stays in the Active state, where it is actively sending connection attempts to 
the neighbor, debug ip tcp transactions can provide valuable information about failed 
connection attempts. All TCP transactions in the router are displayed on the console as they 
happen. The network administrator can then determine if the TCP session is being established, 
and, if not, what the probable cause of the problem might be. 


If the TCP session succeeds but is torn down within a short period of time, the reason might be 
found if you use debug ip bgp events. All BGP events will be displayed on the console as they 
happen if this debug command is enabled. 
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Debugging BGP (Cont.) 


router# 


debug ip bgp keepalives 


* Debugs BGP keepalive packets 


router# 


debug ip bgp updates 


* Displays all incoming or outgoing BGP updates 
¢ Use with caution 
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In a stable state with no network topology changes, no BGP updates are sent between 
neighboring routers. When a BGP session has been idle for some time, the BGP protocol will 
exchange keepalive packets between BGP neighbors. The keepalive timer has a default value of 
60 sec. 


Use debug ip bgp keepalives to get a printout on the console for every keepalive packet that is 
sent or received. Successful keepalive exchanges indicate that the session is working and is in a 
stable state. 


If no keepalives have been sent or received, the session might still be working. The reason for 
not seeing any keepalives is that the session is never idle long enough. 


Use debug ip bgp updates to get a printout on the console for every update message that is 
sent or received. The successful exchange of updates indicates that the session is working and 
is not in the “Idle” state. 


In a large network, updates are sent and received in large volumes. Starting debug ip bgp 
updates might cause extensive output on the console. In some cases, the CPU resources that 
are used to generate those outputs are so great that few CPU resources remain to actually 
forward traffic. In a case with very busy BGP sessions, it is actually possible to set the router in 
a condition where all CPU resources are consumed with the debugging printouts. 
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Debugging BGP (Cont.) 


router# 


debug ip bgp updates acl 


* Displays all incoming or outgoing BGP updates for 
routes matching an IP access control list (ACL) 


router# 


debug ip bgp ip-address updates [acl] 


* Displays all BGP updates received from or sent toa 
BGP neighbor (optionally matching an IP ACL) 
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To avoid debug printouts for every update that is sent or received, you can create and associate 
an access-list with the debug command. When you use this command, the console will display 
only the updates that refer to a network number that is permitted by the access-list. The 
command is extremely useful in a live network with busy BGP sessions where the 
troubleshooter is interested only in updates for specific networks. 


Indicating a specific neighbor can even further restrict the debugging. The console will display 
only the updates on the session with the indicated neighbor. Optionally, you can combine this 
debug command with an access-list. 
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BGP Session Startup Problems 


This topic lists the most common session startup issues that you can experience when 
configuring basic BGP. 


BGP Session Startup Problems 


Common BGP session startup symptoms: 
* BGP neighbors do not become active. 


° BGP neighbor is active, but the session is never 
established. 


¢ BGP neighbor oscillates between idle and active. 
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There are a number of common BGP session startup symptoms: 
= A BGP neighbor never becomes active. 
= A BGP neighbor is active, but the BGP session is not established. 


m= The BGP neighbor state oscillates between idle and active. 
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BGP Neighbor Not Reachable 


This topic describes basic BGP troubleshooting for BGP session startup problems where the 
neighbor is not reachable. 


BGP Neighbor Not Reachable 


° Symptom: 
—BGP neighbors do not become active. 


* show ip bgp neighbors displays the neighbor 
state as idle for several minutes. 


¢ Diagnosis: 

—Neighbor is not directly connected. 
* Verification: 

— Verify with show ip route. 
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BGP sessions to a router in another AS should normally run across directly connected 
interfaces (routers that share a common IP subnet). You must configure neighboring routers to 
reach each other using the IP address belonging to this shared subnet so that no other routing 
protocol is required to set up the BGP session. 


If a router is configured with a BGP neighbor that is in another AS but not directly connected, 
the session will stay in the Idle state. The router will not even attempt to set up the session. 


The normal way to fix this problem is to change the neighbor reference so that it is referred by 
an IP address that is directly connected. However, in some odd cases, the neighbor is 
intentionally reachable using an interface that is not directly connected. In that rare case, the 
local router must have routing information on how to reach that address. Also, you must 
configure the BGP session with the ebgp-multihop option. 


If the session goes into the Active state, the router will attempt to establish the session. If 
session establishment is unsuccessful, you will have to troubleshoot the problem. The debug ip 
tcp transactions command will display the connect attempts. 
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BGP Neighbor Not Reachable (Cont.) 


Symptom: 
* BGP neighbor is active; session is not established. 


— debug ip tcp transactions display shows that 
the TCP SYN packet is not answered witha 
SYN-ACK packet. 


Diagnosis: 
* Neighbor is not reachable. 
Verification: 
° Verify connectivity with ping. 
¢ Check for the presence of an access-list. 
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TCP session establishment starts with the router sending a TCP SYN packet. If the TCP SYN 
packet is never answered, the remote router might be dead or not reachable. Try to use the ping 
command and verify the existence of the remote router and the IP packet exchange between the 
local and remote router. 
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Example 


BGP Neighbor Not Reachable ccont) 


In the example here, the remote BGP router is not available. The sending router, therefore, 
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Router#debug ip tcp transaction 


TCB82119C40 created 

TCB82119C40 setting property TCP WINDOW SIZE (0) 8223BDE8 
TCB82119C40 setting property TCP TOS (11) 8223BDEC 
TCB82119C40 bound to 192.168.4.13.11007 

TCP: sending SYN, seq 545426735, ack 0 

TCPO: Connection to 192.168.4.14:179, advertising MSS 1460 
TCPO: state was CLOSED -> SYNSENT [11007 -> 192.168.4.14(179)] 


TCPO: state was SYNSENT -> CLOSED [11007 -> 192.168.4.14(179) ] 
TCB 0x82119C40 destroyed 


SYN packet is sent 


SYN+ACK reply never came back, 
TCP session is closed 
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never receives the reply to the SYN packet and aborts the TCP session in approximately 45 sec 
(changing the state from synsent to closed). 
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BGP Neighbor Not Configured 


This topic describes basic BGP troubleshooting for BGP session startup problems where the 
neighbor is not configured. 


BGP Neighbor Not Configured 


Symptom: 
* BGP neighbor is active; session is not established. 
— debug ip tcp transactions display shows that the 
TCP SYN packet is answered with an RST packet. 
Diagnosis: 
° This router is not configured as the BGP neighbor 
on the neighboring router. 
Verification: 


* Check IP addresses of BGP neighbors with show ip 
bgp summary on the neighboring router. 


If the TCP SYN packet is answered with a TCP RST packet, the remote router is alive and 
reachable but is not willing to grant the connection attempt. The reason for this refusal may be 
that BGP has not been fully configured on the remote router or that the source IP address that is 
used by the local router in the connection attempt is not in the list of valid neighbors for the 
remote router. 
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Example 


BGP Neighbor Not Configured (Cone) 


Router#debug ip tcp transaction 


: TCB82119C40 created 
: TCB82119C40 setting property TCP WINDOW SIZE (0) 8223BDE8 
: TCB82119C40 setting property TCP TOS (11) 8223BDEC 
: TCB82119C40 bound to 192.168.4.13.11005 
: TCP: sending SYN, seq 305377215, ack 0 
: TCPO: Connection to 192.168.4.14:179, advertising MSS 1460 
: TCPO: state was CLOSED -> SYNSENT [11005 -> 192.168.4.14(179) ] 
: TCPO: state was SYNSENT -> CLOSED [11005 -> 192.168.4.14(179) ] 
: TCPO: bad seg from 192.168.4.14 -- closing connection: seq 0 ack 
revnxt O revwnd O len 0 
16:30:30: TCPO: connection closed - remote sent RST 
16:30:30: TCB 0x82119C40 destroyed 


SYN packet is sent 


Neighbor replies with RST packet, 
TCP session is closed 
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In the example here, the remote router is not configured for BGP or there was a mismatch in the 
neighbor IP addresses. The remote router responds with an RST packet as soon as it receives 
the initial SYN packet, terminating the BGP session. 
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BGP AS Number Mismatch 


This topic describes basic BGP troubleshooting for BGP session startup problems where the AS 
numbers are not properly configured. 


BGP AS Number Mismatch 


Symptom: 
* BGP neighbor oscillates between active and idle. 


— debug ip tcp transactions displays the TCP 
session being established and torn down 
immediately. 

Diagnosis: 
* AS number mismatch between BGP neighbors. 
Verification: 


° Verify the AS numbers configured for neighboring 
routers using the show ip bgp summary on both 
routers. 
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If the TCP session is established using the specified three-way handshake of SYN, SYN-ACK, 
and ACK, but the router drops the session after a short packet exchange, the BGP parameters 
are mismatched. Make sure that the remote AS that is configured on the router matches the 
local AS that is configured on the neighbor. If the AS numbers do not match, the router will 
drop the session after exchanging BGP Open messages. 
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Example 


BGP AS Number Mismatch Cont) 


Router#debug ip tcp transaction 
Router#debug ip bgp event 
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TCB82119C40 created 
state was LISTEN -> SYNRCVD [179 -> 192.168.4.14(11000) ] 


TCPO: 


TCPO: Connection to 192.168.4.14:11000, received MSS 1460 
sending SYN, seq 918933898, ack 862828853 

TCPO: Connection to 192.168.4.14:11000, advertising MSS 1460 
state was SYNRCVD -> ESTAB [179 -> 192.168.4.14(11000) ] 


TCP: 


TCPO: 


TCB821197BC callback 


TCB821197BC accepting 82119C40 from 192.168.4.14.11000 
BGP: 192.168.4.14 reset due to BGP Notification sent 


TCPO: 
TCPO: 


rights 


state was ESTAB -> FINWAIT1 [179 -> 192.168.4.14(11000) ] 


sending FIN 


BGP notification is sent due to AS 
number mismatch in Open message 


TCP session is established 


0026_031 


BGP v3.1—1-17 


Whenever there is a mismatch in AS numbers (or any other BGP parameters that are necessary 
for proper BGP operation), the BGP session is terminated with a BGP notification, and the TCP 
session is terminated as well. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
ee en Caseone = — | 


* The show ip bgp summary command displays the overall 
status of BGP, and configured neighbors and their state. 


You can use the show ip bgp neighbors command to get 
more in-depth information about a specific BGP neighbor. 


All entries in the BGP table can be displayed with the show 
ip bgp command. You can also use show ip bgp to display 
an extended printout about a specific route in the BGP 
table. 


You can use the debug ip tcp transactions command to 
troubleshoot BGP session establishment problems. 


* The command debug ip bgp events displays significant BGP 
events, while debug ip bgp updates will display the routing 
information being exchanged between BGP neighbors. 
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Summary (Cont.) 


* Three common BGP session startup symptoms are 
that BGP neighbors never become active, that the 
BGP neighbor is active but the BGP session is not 
established, and that the BGP neighbor state 
oscillates between idle and active. 


If a router is configured with a BGP neighbor that is 
in another AS but not directly connected, the session 
will stay in the Idle state. 


If a BGP neighbor is unreachable, no reply will be 
sent for the TCP SYN packet, causing the session to 
time out. 


If the TCP session is established using the three-way 
handshake (SYN, SYN-ACK, ACK), but the session is 
dropped after a short packet exchange, BGP 
parameters are mismatching. 
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References 


For additional information, refer to these resources: 


m= For more information on BGP monitoring and troubleshooting, refer to “Border Gateway 
Protocol” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/bgp.htm 


m= For further information on BGP monitoring and troubleshooting, refer to “Using the Border 
Gateway Protocol for Interdomain Routing” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm 


Copyright © 2004, Cisco Systems, Inc. BGP Overview 1-121 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


1-122 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Lesson Assessments 


Overview 


Use the lesson assessments here to test what you learned in this module. The correct answers 
and solutions are found in the Lesson Assessment Answer Key. 
Outline 
This section includes these assessments: 
@ Quiz 1-1: Introducing BGP 
m Quiz 1-2: Establishing BGP Sessions 
™ Quiz 1-3: Understanding BGP Path Attributes 
m Quiz 1-4: Processing BGP Routes 
@ Quiz 1-5: Configuring Basic BGP 
@ Quiz 1-6: Monitoring and Troubleshooting BGP 
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Quiz 1-1: Introducing BGP 


Complete this quiz to assess what you learned in the lesson. 


Objectives 
This assessment tests your knowledge of how to: 
m Describe the requirements and use of scalable interdomain routing 
m Identify basic BGP characteristics and features 
m Explain why BGP is used by single-homed customers 
m Explain why BGP is used by multihomed customers 
m Explain why BGP is used in transit autonomous systems 


m Explain BGP limitations 


Quiz 
Answer these questions: 


Q1) Which three items are BGP enhancements to traditional distance vector routing 
protocols? (Choose three.) 
A) reliable updates 
B) use of triggered updates only 


C) enhanced security 
D) rich metrics 


Q2) ~~ Which protocol facilitates reliable update capabilities in BGP? 


A) TCP 
B) UDP 
C) HSRP 
D) ICMP 
Q3) — What are three characteristics of an AS? (Choose three.) 
A) uses IGPs for intradomain routing 
B) uses EGPs for interdomain routing 
C) is a collection of networks under a common administrative authority 
D) consists of a group of network domains 


Q4) ~~ Which three scenarios are common scenarios where BGP is used? (Choose three.) 


A) a customer with a connection to multiple service providers 
B) service provider networks acting as transit systems and forwarding external 
traffic through their network 
C) a single-site customer intranet with complex administrative policies between 
departments 
D) as the core routing protocol in very large enterprise networks 
1-124 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Q5) What are three recommended BGP use guidelines for multihomed customer networks? 


(Choose three.) 

A) Most multihomed customers should use BGP with their service providers. 

B) Most multihomed customers should forward routing information that is 
received from one provider to the other provider. 

C) The multihomed customer must have its own public AS number. 

D) Multihomed customers should use a provider-independent, public address 
space. 


Q6) What is a limitation of the BGP routing protocol? 


A) You cannot use BGP to implement hop-by-hop routing policy controls. 
B) You cannot use BGP to influence the routing policy in a downstream AS. 
C) BGP cannot control forwarding of packets based on their destination address. 
D) BGP cannot scale to very large networks with more than 110,000 routes. 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
Copyright © 2004, Cisco Systems, Inc. BGP Overview 1-125 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Quiz 1-2: Establishing BGP Sessions 


Complete this quiz to assess what you learned in the lesson. 


Objectives 

This assessment tests your knowledge of how to: 

m™ Describe how BGP discovers neighbors 

m Explain BGP session establishment procedures 

m Explain the role of the BGP keepalive in session establishment and maintenance 

m™ Describe how optional MD5 authentication can protect sessions between BGP peers 
Quiz 

Answer these questions: 


Q1) ~~ What is indicated by a state of “Idle” in the output of the show ip bgp summary 


command? 

A) The router is currently not attempting to establish a connection with a 
neighbor. 

B) The connection to the configured neighbor has timed out. 

C) The connection to a BGP neighbor has been established, and no errors have 
been received on the connection. 

D) The connection to a BGP neighbor has been established, and no packets have 
been sent. 


Q2) — What happens if two TCP connection attempts between configured BGP neighbors 


succeed? 

A) Both connections will be terminated, and the neighbors will re-establish a 
neighbor relationship. 

B) One connection will be maintained as primary and the other as backup. 

C) One of the two connections will be torn down. 

D) The router with the lower router-ID will determine if the second connection is 


torn down or used as a backup TCP connection. 
Q3) — Given the following BGP session states: 


1. OpenConfirm 
Established 
Idle 
OpenSent 
Active 


Ci ee TS. 


What is their order of progression during the creation of a successful neighbor session? 


A) 5, 1, 4, 2,3 


B) 3, 4,1, 5,2 
C) 5.4, 13,2 
D) 3,5, 4, 1,2 
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Q4) — ~What does the field “TblVer” indicate in the output of the show ip bgp summary 


command? 

A) the current version of BGP in use by the router 

B) the number of route prefixes that are contained in the BGP update of the router 
C) BGP messages that have been received from that neighbor 


D) the last version of the BGP database that was sent to that neighbor 


Q5) — What occurs when you use MD5 between two BGP neighbors? 


A) Every packet is encrypted with MD5. 
B) The IP header is encrypted using MD5. 


C) An MD5 checksum is calculated and sent with each packet so that its source 


can be verified. 


D) A username and password are embedded in an IP datagram that is matched to a 


username and password on the remote neighbor. 


Scoring 


You have successfully completed the quiz for this lesson when you earn a score of 80 percent 


or better. 
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Quiz 1-3: Understanding BGP Path Attributes 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Describe the purpose of BGP path attributes 

Explain the difference between mandatory and discretionary well-known BGP attributes 
Explain the difference between nontransitive and transitive optional BGP attributes 
Describe the functionality of the AS-path attribute 


Describe the functionality of the next-hop attribute 


Answer these questions: 


Ql) 


Q2) 


Q3) 


Q4) 
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Which three statements are true of BGP mandatory well-known attributes? 
(Choose three.) 


A) They must be present in all BGP updates. 


B) All BGP-compliant implementations must recognize them. 
C) All BGP-compliant routers must adhere to policies specified in mandatory 
attributes. 


D) All well-known attributes are propagated to other neighbors. 


Which three attributes are BGP mandatory well-known attributes? (Choose three.) 
A) next-hop 

B) weight 

C) AS-path 

D) origin 

Which three possible values are assigned to the BGP origin attribute? (Choose three.) 
A) IGP 

B) EGP 

C) unknown 

D) internal 


Which nontransitive optional BGP attribute is useful in assisting with the route 
selection process when multiple links to another AS exist? 


A) next-hop 


B) local preference 
C) MED 
D) AS-path 
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Q5) ~~ What two ways can the BGP next-hop attribute be modified? (Choose two.) 


A) If the next-hop attribute is in the same IP subnet as the receiving router, the 
attribute is unchanged; otherwise, it is set to the IP address of the sending 
router. 

B) The next-hop attribute is always set to the IP address of the sending router. 


C) The next-hop attribute is modified only when BGP packets exit an AS. 
D) The BGP next-hop attribute is modified only when BGP packets traverse point- 
to-point links. 


Q6) Which three statements regarding the BGP AS-path attribute are true? (Choose three.) 


A) The local AS number is prepended to the AS path each time that the route 
crosses an AS boundary. 

B) The AS that originally injected the route into BGP is always found at the 
rightmost end of the AS path. 

C) The AS-path attribute can be used to avoid routing loops. 

D) BGP routes with an empty AS path were injected into BGP from outside the 
local AS. 


Scoring 


You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 1-4: Processing BGP Routes 


Complete this quiz to assess what you learned in the lesson. 


Objectives 
This assessment tests your knowledge of how to: 
m Explain BGP routing updates 
m™ Describe how a router builds BGP tables 
m= Explain BGP route selection criteria 
m Describe BGP route propagation 
m Describe how a router builds an IP routing table when it is using BGP 
m Describe how BGP advertises local networks 


m Describe the role of automatic summarization in BGP route processing 


Quiz 
Answer these questions: 


Q1) ~~ What does a router that is running BGP do with a BGP update that contains its own AS 


path? 

A) The router checks to see if the information that is contained in the update is 
better than its current information. If it is, it will update its BGP table. 

B) The router accepts the route update. 

C) The router silently discards (denies) the route. 

D) The router will return an error to the router that sent the update. 


Q2) | How many alternate paths to a single destination will a BGP router maintain in the 


BGP table? 

A) The router will maintain only the best path to the destination. 

B) The router will maintain two paths, the best path and a backup route. 

C) The BGP table will hold up to four routes by default and a maximum of six 
configurable routes. 

D) The BGP table will store all valid, advertised routes to the destination in the 
BGP table. 


Q3) — What are two ways in which local networks are advertised into the BGP routing 
protocol process? (Choose two.) 


A) automatically, after a BGP neighbor session is established 

B) manually, with the network command 

C) through redistribution into the BGP process 

D) by advertising them to the BGP table on the router after CDP discovers 
connected networks 
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Q4) ~~ What are two situations when is it appropriate to disable automatic summarization in 
BGP? (Choose two.) 


A) when BGP neighbors are not configured to advertise aggregate routes to 
upstream providers 

B) when the classless variant of the network command is used 

C) when you are using a classless IGP in the AS 

D) when the effects of automatic summarization of IGP-to-BGP redistribution are 


not desired 


Q5) — What is the AD of BGP routes in the IP routing table that were learned from BGP 
neighbors in a different AS? 


Ay ei 
B) 20 
Cc) 90 
D) ~—-120 


Q6) Which three BGP attributes are displayed for each route in the BGP table when you are 
using the show ip bgp command? (Choose three.) 


A) weight 
B) communities 
C) origin 
D) AS-path 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 1-5: Configuring Basic BGP 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Identify the Cisco IOS command that is required to configure the BGP routing process 
Identify the Cisco IOS commands that are required to configure BGP neighbors 


Identify the Cisco IOS commands that are required to configure basic timers that are used 
in BGP 


Identify the Cisco IOS command that is required to configure MD5 authentication for BGP 
Identify the commands that are required to announce local networks in BGP 


Describe BGP route redistribution and identify the commands that are required to configure 
BGP route redistribution 


Describe the classless behavior of BGP and identify the Cisco IOS command that is 
required to configure BGP for classless operation 


Describe BGP route aggregation and identify the Cisco IOS commands that are required to 
configure basic BGP route aggregation 


Determine when BGP route aggregation is not appropriate in multihomed topologies 


Answer these questions: 


Q1) ~~ What is the valid AS number range for a BGP process on a Cisco router? 
A) 1-256 
B) 1 — 32768 
C) 1 -— 65535 
D) 1 - 131072 

Q2) = Which AS numbers are defined as private AS numbers? 
A) 1-128 
B) 32768 — 64511 
C) 64512 — 65535 
D) 65536 — 131072 

Q3) | Which two parameters must you configure with the neighbor command to establish a 
BGP session with an external neighbor? (Choose two.) 
A) neighbor IP address 
B) subnet mask of the IP network 
C) remote AS number 
D) local AS number 
E) description of the neighbor 
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Q4) — What is the best method to temporarily disable a BGP neighbor session? 


A) remove the neighbor command from the BGP router process 

B) remove the BGP router process from the configuration 

C) terminate the neighbor connection with the neighbor shutdown command 
D) disconnect the neighbor by initiating a router reload 


Q5) — Which three steps must you complete to advertise a classless prefix into BGP? 


(Choose three.) 

A) configure the prefix with the network command 

B) specify the mask keyword with the locally advertised route 

C) configure the redistribute connected command under the BGP router process 
D) use a Static route pointing to null 0 that matches the prefix 


Q6) = Which origin code is carried with routes that are redistributed into BGP? 


A) internal 

B) external 

C) unknown 
D) incomplete 


Q7) What must be true for a BGP route aggregate to be advertised in the IP routing table? 


A) At least one network in the specified range must exist in the BGP table. 

B) You must configure automatic summarization under the BGP routing protocol 
process. 

C) You must configure a route to null 0 matching the aggregate. 

D) No synchronization must be configured under the BGP routing protocol 
process. 


Q8) What are two benefits of using route aggregation in BGP? (Choose two.) 


A) It ensures that even if aggregate networks are down, the aggregate is 
advertised, which eliminates black holes. 
B) It reduces the amount of memory that is used in the router to store the BGP 
table. 
C) It reduces route flapping and its effects on router CPU resources. 
D) BGP attribute granularity is maintained, which ensures optimal path selection. 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 1-6: Monitoring and Troubleshooting BGP 


Complete this quiz to assess what you learned in the lesson. 


Objectives 
This assessment tests your knowledge of how to: 
m Identify the Cisco IOS command that is required to monitor BGP neighbors 
m Identify the Cisco IOS commands that are required to perform basic BGP debugging 
m Troubleshoot basic BGP session startup problems when the neighbor is not reachable 


m= Troubleshoot basic BGP session startup problems when the neighbor is not configured 


Quiz 
Answer these questions: 


Q1) = Which command do you use to display detailed BGP neighbor information? 


A) show ip bgp summary 

B) show ip bgp 

C) show ip bgp neighbors address 
D) show ip bgp detail 


Q2) = Which debug command should you enable to troubleshoot BGP session startup issues 
where the TCP connection never succeeds? 
A) ip bgp updates 
B) ip packets 
C) ip bgp keepalives 
D) ip tcp transactions 


Q3) — What is the most common reason for a BGP session not leaving the Idle state? 


A) The TCP port for the connection is not configured. 

B) The external neighbor is not directly connected. 

C) The TCP SYN packet is answered with an RST packet. 

D) The neighbors have been configured with the same AS number. 


Q4) ~~ What will result from attempting to open a BGP connection with a neighbor that has 
not been properly configured for BGP? 


A) The BGP session will remain in the Idle state. 

B) The neighbor session will be established, and the session startup parameters 
will be negotiated over the TCP session. 

C) The BGP session will be immediately terminated with a TCP RST packet. 


D) The BGP session will become “stuck in Active state.” 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Lesson Assessment Answer Key 


Quiz 1-1: Introducing BGP 
Ql) A B,D 
Q2) A 
Q3) A,B,C 
Q4) =A,B,D 
Q5) ACD 


Q6) B 
Quiz 1-2: Establishing BGP Sessions 
Qy A 
Q2) Cc 
Q@3) OD 
a4) OD 
Q5)  C 


Quiz 1-3: Understanding BGP Path Attributes 
Ql) ABD 
Q2) ACD 
Q3) A,B,C 
Q4) OC 
Q5) A,B 
Q6) A,B,C 


Quiz 1-4: Processing BGP Routes 


Ql) C 
Q2) D 
Q3) B,C 
Q4) B, D 
Q5) B 


Q6) A,C,D 


Quiz 1-5: Configuring Basic BGP 


Ql) 

Q2) Cc 

Q3) A,C 
Q4) C 

Q5) A,B,D 
Q6) D 

Q7) 

Q8) Ewe 
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BGP Overview 
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Quiz 1-6: Monitoring and Troubleshooting BGP 


Q1) C 
Q2) D 
Q3) B 
Q4) C 
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Module 2 | 


BGP Transit Autonomous 
oystems 


Overview 


This module is one of the focal points of the Border Gateway Protocol (BGP) curriculum: a 
discussion of BGP issues in a transit autonomous system (AS). The module covers basic BGP 
transit AS issues, ranging from synchronization between an Interior Gateway Protocol (IGP) 
and BGP to Internal Border Gateway Protocol (IBGP) full-mesh and next-hop requirements. 


Module Objectives 


Upon completing this module, you will be able to explain BGP issues in a transit AS. 


Module Objectives 


¢ Describe the function of a transit AS and the need 
for IBGP 


¢ Describe the interaction in a transit AS between 
EBGP and IBGP in relation to relevant attributes 


* Describe the function of an IGP in forwarding 
packets through an AS 


* Successfully configure an AS to act as a transit 
backbone in a BGP network scenario 


° Verify proper operation of a configured BGP transit 
network and perform the steps necessary to 
correct basic IBGP configuration errors 
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Module Outline 


The outline lists the components of this module. 


Module Outline 
_ ee Cisco.com 


° Working with a Transit AS 
° Interacting with IBGP and EBGP in a Transit AS 
* Forwarding Packets in a Transit AS 


* Configuring a Transit AS 


* Monitoring and Troubleshooting IBGP ina 
Transit AS 


BGP v3.1—2-3 
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Working with a Transit AS 


Overview 


The topology of the Internet can be viewed as a series of connections between stub networks, 
multihomed networks, and transit autonomous systems. A multihomed AS containing more 
than one connection to the outside world and allowing traffic not originating in that AS to 
travel through it is a transit AS. This lesson introduces the concept of the multihomed transit 
AS and how BGP exchanges routing information inside the AS and between neighboring 
autonomous systems. It also explains the requirement for IBGP within the multihomed transit 
AS. 


Relevance 


All transit autonomous systems are required to carry traffic originating from or destined to 
locations outside of that AS. In order for the transit AS to meet this requirement, a degree of 
interaction and coordination between BGP and the IGP that is used by that particular AS is 
necessary. Such a configuration requires special care to ensure consistency of routing 
information throughout the AS. 


Objectives 


Upon completing this lesson, you will be able to describe fully the function of a transit AS. 
This includes being able to meet these objectives: 


m List the functions of a transit AS 

m Describe external route propagation between autonomous systems in a BGP network 
m™ Describe internal route propagation within a BGP AS 

m Explain how transiting packets are forwarded inside a transit AS 


m Explain the need for deploying IBGP on all core routers 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


™ Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 
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Outline 


The outline lists the topics included in this lesson. 


Outline 
OO EO Cisco.com 


° Overview 
° Transit AS Tasks 
¢ External Route Propagation 


° Internal Route Propagation 


* Packet Forwarding in an AS 


* Core Router IBGP Requirements ina 
Transit AS 


° Summary 
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Transit AS Tasks 


This topic lists the functions of a transit AS. 


Transit AS Tasks 


* Propagate routes between remote autonomous systems 
* Route packets between remote networks 


BGP v3.1—2-3 


Routers in a transit AS have to perform two tasks: 


m Receive routing information updates about reachable networks from neighboring 
autonomous systems, propagate the information through their own AS, and send it to other 
neighboring autonomous systems. 


m Forward IP packets that they have received from a neighboring AS through their own AS to 
a downstream neighboring AS. The routers in the transit AS perform this task using the 
routing information that they have received as part of the first task. 
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External Route Propagation 


This topic describes external route propagation between autonomous systems in a BGP 
network. 


External Route Propagation 


Routes between autonomous systems are 
always exchanged via External BGP (EBGP) 


RTR-C AS 42 RTR-D 


Two autonomous systems usually exchange routing information about reachable networks 
using BGP. There is currently no alternative routing protocol that has the scalability and 
security characteristics of BGP. 


In the example here, the BGP session between R-12 and RTR-A is called an External Border 
Gateway Protocol (EBGP) session because R-12 and RTR-A are in different autonomous 
systems. 


BGP routing information updates consist of the network address, subnet mask, and any number 
of BGP attributes. No other routing protocol provides the same richness of route attributes as 
BGP. Translating BGP route attribute information into any other protocol would likely cause a 
loss of information. Therefore, the EBGP information that RTR-A receives is not translated; it 
is just forwarded to other BGP-speaking routers (RTR-D in the figure) within the AS. 


Likewise, RTR-D has BGP information and can propagate it to R-14 in AS 14 over the EBGP 
session. 


EBGP sessions are, in general, established between directly connected neighbors. BGP- 
speaking routers thus need no additional routing information in order to establish the session. 
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Internal Route Propagation 


This topic describes internal route propagation within a BGP AS. 


Internal Route Propagation 


The only protocol that can transport all BGP 
attributes across the backbone is BGP inside an 
autonomous system, called Internal BGP (IBGP) 


IBGP session must be established between transit 
AS border routers to propagate EBGP routes 


RTR-C AS 42 RTR-D 


002G_101 


In this example, the BGP session between RTR-A and RTR-D, which are both in the same AS, 
is an IBGP session. 


IBGP sessions are, in general, established between distant routers in the same AS. These 
routers need additional routing information in order to establish the session, because there is no 
requirement that IBGP neighbors be directly connected. This information typically comes from 
the IGP, which is running within the AS independently of BGP. 
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Packet Forwarding in an AS 


This topic explains how transiting packets are forwarded inside a transit AS. 


Packet Forwarding in an 
Autonomous System 


Packet from AS 14 toward AS 12 is received by RTR-D 


How will 


RTR-C forward s : 
the packet? RTR-C AS 42 RTR-D 


Conclusion #1: RTR-C needs external routes for proper 
packet forwarding 
Conclusion #2: RTR-C must receive BGP routes 


BGP v3.1—2-6 


In this example, after AS 14 has received the routing information about reachable networks 
inside AS 12, IP packets can start to flow (in the figure, from AS 14 toward AS 12). R-14, the 
egress router in AS 14, forwards IP packets with destinations in AS 12 toward RTR-D, 
according to information received through EBGP. 


RTR-D now uses the IBGP information that it received from RTR-A and forwards the packets 
in the direction of RTR-A, which in this case means via RTR-C. 


When the IP packets reach RTR-C, the router checks its routing table for a matching entry, but 
it fails to find one. The packet is dropped because the destination network is unreachable from 
the perspective of RTR-C. 


This is, of course, an unacceptable situation. To prevent dropped packets due to unreachable 
networks, RTR-C must also have routing information about the networks reachable inside AS 
12. The same information that RTR-D received from RTR-A over the IBGP session must be 
propagated to RTR-C. 


Note RTR-B has the same network reachability requirements as RTR-C, because RTR-D could 
forward the packets via RTR-B as well as via RTR-C. 
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Core Router IBGP Requirements in a Transit AS 


This topic explains the need for deploying IBGP on all core routers. 


Core Router IBGP Requirements ina 


Transit Autonomous System 
eRe | 


¢ All core routers must have all external routes. 
¢ Core routers must receive BGP routes. 


— Redistribution of BGP routes into IGP is not 
scalable. 


— Default routing is not applicable in transit 
AS core. 


Within a transit AS, all routers that are in a theoretical transit path between external 
destinations should have information about all external routes that are received from any 
neighboring AS. If a single router on a transit path does not have this information, there is 
always a possibility that an IP packet that is received from a neighboring AS will not be able to 
be forwarded by that router through the transit AS. The router lacking routing information 
about the final destination of the IP packet drops it into what effectively becomes a black hole. 


The only feasible way for the router to distribute all external routing information is by using 
IBGP. Redistribution of the EBGP routes into an IGP is not viable because no IGP can carry 
the volume of information that BGP currently carries in the Internet. 


Note The risk of losing information during redistribution of EBGP routes into an IGP is not the 
reason why BGP is used to update intermediate routers in the transit path instead of an IGP. 
Redistribution into an IGP is not used because of the scalability issues that would arise from 
doing so. 


Default routing or a gateway of last resort cannot be used by routers within the transit path 
when transit services are provided to other autonomous systems. If some routes were to be 
filtered out, and the default route used instead, full routing flexibility would be lost. The transit 
AS would not be able to forward packets to all destinations at all times. In fact, routing loops 
and black holes might be easily introduced. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
isc Cor 


Routers in a transit AS receive routing information 
updates from neighboring autonomous systems, 
propagate the information through their own AS, and 
send it to other neighboring autonomous systems. 


Two autonomous systems usually exchange routing 


information over an EBGP session. 


A BGP session between two routers in the same AS is 
called an IBGP session. 


In order for packets to be properly forwarded ina 
transit AS, all routers must have external routing 
information. 


The only feasible method of distributing external 
routing information to all routers in the transit AS is 
through IBGP. 


References 


For additional information, refer to these resources: 


= For more information on transit autonomous systems, refer to “BGP Case Studies 1” at the 
following URL: http://www.cisco.com/warp/public/459/bgp-toc.html 


m= For more information on the attributes in transit autonomous systems, refer to “Using the 
Border Gateway Protocol for Interdomain Routing” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm 
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Interacting with IBGP and 
EBGP ina Transit AS 


Overview 


A transit AS, by definition, allows traffic not originating in that AS to travel through it. This 
activity requires interaction between EBGP and IBGP in the transit AS. This lesson introduces 
the requirements of IBGP and describes how routers residing in the transit AS process the next- 
hop attribute. Changes to the normal processing of the next-hop attribute are also described in 
this lesson. The lesson concludes with a comparison between EBGP and IBGP. 


Relevance 


Configuring a BGP network in a transit services configuration requires special care to ensure 
consistency of routing information throughout the AS. Understanding the interaction between 
EBGP and IBGP is crucial to successfully configuring and troubleshooting the transit 
autonomous network. 


Objectives 


Upon completing this lesson, you will be able to describe the interaction between IBGP and 
EBGP. This includes being able to meet these objectives: 


Describe AS-path processing in IBGP 

Explain the need for BGP split horizon 

Explain the need for a full-mesh topology between IBGP routers, and its implications 
Explain the benefits of establishing IBGP neighbor sessions using loopback interfaces 
Describe next-hop processing in IBGP 

Explain why all EBGP peers must be reachable by all BGP-speaking routers within the AS 
Describe how to configure routers to announce themselves as the next hop in IBGP updates 


Explain the differences between EBGP and IBGP sessions 
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Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
— ee CISCOYCO 1 | 


° Overview 

* AS-Path Processing in IBGP 
° BGP Split Horizon 

* IBGP Full Mesh 


* IBGP Neighbors 
° IBGP Next-Hop Processing 


* Transit Network Using External Next Hops 


* Transit Network Using Edge Routers as Next 
Hops 


¢ Differences Between EBGP and IBGP Sessions 
° Summary 
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AS-Path Processing in IBGP 


This topic describes AS path processing in IBGP. 


AS-Path Processing in IBGP 


Network X is announced as coming from AS 12 


AS path as received from external 
neighbor is not changed on IBGP sessions 


Local AS number is prepended to AS 
path on EBGP sessions 


All BGP routing updates carry the mandatory well-known attribute AS-path, which lists the 
autonomous systems that the routing update has already crossed. 


002G_103 


BGP v3.1—2-3 


When a router originates a BGP prefix (network X in this example), the AS path is empty. 
Whenever a BGP prefix is announced over an EBGP session, the AS number of the router that 
is sending the information is prepended to the AS path. In the example, R-12 inserts “12” in the 
AS path before forwarding the routing update to RTR-A. 


The AS path is not changed when the BGP prefix is propagated across IBGP sessions because 
the routing update has not crossed an AS boundary. In the example, RTR-A forwards the 
information over an IBGP session to RTR-D with the AS path unchanged. The AS-path 
information about network X will be the same in all routers within AS 42, because all the 
routers are updated using IBGP sessions from RTR-A. 


When RTR-D forwards the information about network X to R-14, it prepends its own AS 
number (42) to the AS path. Thus, R-14 receives the routing information about network X with 
an AS-path attribute of “42 12.” 
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BGP Split Horizon 


This topic explains the need for BGP split horizon as a mechanism to prevent routing loops. 


BGP Split Horizon 
ee Cinemean = | 


EBGP session 


RTR-C AS 42 RTR-D 


To prevent loops, incoming IBGP update is 
not propagated to other IBGP peers 


No BGP attributes are changed in IBGP updates, 
making loop detection impossible-split horizon 
is needed to prevent BGP routing loops 


002G_104 


Result: Full mesh of IBGP sessions is required for proper 
IBGP update propagation. 


Inc. All rights reserved BGP v3.1—2-4 
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All routers within an AS must make routing decisions in a consistent way. They must have 
access to the same routing information with the same attributes in order to come to the same 
conclusion about which exit point of the AS to use. In other words, the BGP attributes should 
not be changed within the AS. 


The AS-path attribute is not changed over an IBGP session, because the BGP update has not 
crossed the AS boundary. However, the AS-path attribute is the primary means of detecting 
routing information loops—a BGP router that encounters its own AS in the AS path of an 
incoming BGP update silently ignores the information. Because the AS path is modified by 
BGP-speaking routers only on EBGP sessions, this loop-preventing mechanism is useful 
between autonomous systems only, not within them. 


Routing information loops within the AS are prevented by IBGP split horizon—routing 
information that is received through an IBGP session is never forwarded to another IBGP 
neighbor, only toward EBGP neighbors. Because of BGP split horizon, no router can relay 
IBGP information within the AS—all routers must be directly updated from the border router 
that received the EBGP update. 


2-14 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


IBGP Full Mesh 


This topic explains the need for a full-mesh topology between IBGP routers, and its 
implications. 


IBGP Full Mesh 


RTR-C AS 42 RTR-D 


002G_105 


¢ Full mesh of IBGP sessions has to be established between all BGP- 
speaking routers in the AS for proper IBGP route propagation. 


¢ The IBGP full mesh is a logical mesh of TCP sessions only; physical 
full mesh is not required. 


BGP v3.1—2-5 


Because every router on the transit path within the AS must have routing information about all 
external networks that are received by any of the border routers, they must all have IBGP 
sessions to all border routers. This level of communication is not enough, though, because any 
of the internal routers could also create new BGP routing information (for example, originate a 
customer network). These updates must also reach all the routers within the AS. The conclusion 
is that all BGP routers within an AS must have IBGP sessions with every other BGP router in 
the AS, resulting in a full mesh of BGP sessions between BGP-speaking routers in an AS. 


In the network in the example here, RTR-A must have IBGP sessions with RTR-B, RTR-C, 
and RTR-D in order to propagate routes that are received from AS 12 to all routers within AS 
42. Similarly, RTR-D must have IBGP sessions with RTR-A, RTR-B, and RTR-C to be able to 
propagate routes that are received from AS 14 to all routers within AS 42. 


Note The IBGP session between RTR-B and RTR-C is not strictly necessary for proper forwarding 
of IP packets between external destinations. It does become mandatory if RTR-B or RTR-C 
starts to originate BGP networks. To prevent potential future connectivity issues, it is a good 
practice to establish a full mesh of IBGP sessions regardless of whether they are needed at 
the time of network deployment or not. 


The IGP that runs within AS 42 provides enough information to any BGP router within AS 42 
to send IP packets to any other router in the AS. Having enough router reachability information 
makes it possible to establish IBGP sessions between routers even though they are not 
physically connected. The IBGP full mesh is a logical full mesh of TCP sessions and will run 
on an arbitrary physical topology. 
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Example 


IBGP Full Mesh (Cont.) 


wo 
Q@ 
vu 
c 
: 
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Incoming EBGP update is directly propagated from 
ingress router to all BGP-speaking routers in the AS 


IBGP update is further 
propagated to next AS 


The figure illustrates IBGP split-horizon and IBGP full-mesh principles in the sample network. 
R-12 is sending an update to RTR-A over an EBGP session. Updates that are received on an 
EBGP session should be forwarded on all other IBGP sessions, so RTR-A updates RTR-B, 
RTR-C, and RTR-D. All routers within AS 42 are updated directly by RTR-A. 


RTR-B and RTR-C are prevented from forwarding the update that they received from RTR-A 
because of BGP split horizon. 


RTR-D, which received the information on an IBGP session, is prevented from updating RTR- 
B and RTR-C because of the same split-horizon rule. But RTR-D will update R-14 over an 
EBGEP session. 
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IBGP Neighbors 


This topic explains the benefits of establishing IBGP neighbor sessions using loopback 
interfaces. 


IBGP Neighbors 


Physical connections 
(for example, WAN links) 


RTR-C AS 42 RTR-D 
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IBGP session 


* Due to IBGP full-mesh requirements, IBGP neighbors are 
usually not directly connected. 


e Which interfaces should be chosen as the source and 
destination addresses of IBGP TCP sessions? 


BGP v3.1—2-7 


In this example, the transit AS 42 has a redundant physical topology. The IGP provides 
reachability information for all routers and networks within AS 42, allowing all routers in the 
AS to establish IBGP sessions to all other routers, even if not directly connected. 


If the IBGP session between RTR-A and RTR-D was established using IP addresses that 
belong to the physical WAN interfaces, the IBGP session would go down if either of the WAN 
interfaces went down. As a result, the router would tear down the TCP session that is used for 
BGP between the routers because the IP address of an interface that is in the down state is 
invalid. Subsequently, all IP packets that are received with a destination address pointing to that 
interface will also be dropped. 


Network designers must be careful during the network design and implementation phase that 
those IBGP sessions remain established for as long as the two BGP routers have any usable 
path between them. 
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IBGP Neighbors (Cont.) 


Always run IBGP sessions between loopback 
interfaces. 


¢ IBGP sessions can always be established, even if 
some physical interfaces are down. 


° IBGP sessions are stable—physical interface 
failure will not tear down IBGP sessions. 


° There is no BGP recovery after a failure inside the 
transit autonomous system. 


—The configured IGP will re-establish the path 
between loopback interfaces. 


—IBGP sessions are not affected. 


The best choice when you are configuring IBGP sessions is to establish each session between 
loopback interfaces on each BGP router. 


In order to establish BGP connectivity between the loopback interfaces, the IP addresses of 
these interfaces have to be reachable by both routers. It is important that the IGP carry 
information about the subnets that are assigned to each loopback interface so that they are 
reachable by all BGP routers in the AS. 


The IBGP sessions that are established between loopback interfaces have increased stability. 
These sessions will not go down if a single physical interface goes down. As long as the IGP 
can find any path between the two routers, the IBGP session will remain up. BGP will not 
notice that the IGP has changed the traffic path between the two routers. 


Note Because BGP sessions run over TCP, they can survive even a short loss of connectivity 
between BGP routers with no impact to the BGP routing protocol. The only requirement 
placed on the IGP is that the network must converge before the BGP keepalive timer 
expires. 
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IBGP Next-Hop Processing 


This topic describes how the next-hop attribute is processed in IBGP. 


IBGP Next-Hop Processing 


Network X is announced 
with the next hop 1.0.0.1 


Next hop is set to 
local IP address 
on EBGP sessions 


Every BGP update carries the mandatory well-known attribute next-hop, which specifies the IP 
address that should be used by the router as the forwarding next hop for packets sent toward the 
announced destination address. In most cases, the next hop is set to the IP address that the 
sending router is using as its source IP address for EBGP sessions. The receiving BGP router 
will use the information and route IP packets toward the announced destination via the 
indicated next hop, which is normally directly connected. 


The next-hop attribute is not changed on IBGP updates, meaning that when the border router 
forwards the BGP update on IBGP sessions, the next-hop address is still set to the IP address of 
the far end of the EBGP session. Therefore, the receiver of IBGP updates will see the next-hop 
information indicating a destination that is not directly connected. To resolve this problem, the 
router will check its routing table and see if and how it can reach the next-hop address. The 
router can then route IP packets with destination addresses matching the network in the BGP 
update in the same direction as it would have routed an IP packet with a destination address 
equal to the IP address stated in the next-hop attribute. This process is known as recursive 
routing. 


In the figure, R-12 sends a BGP update about network X. Because it is sending this update over 
an EBGP session to RTR-A, the next-hop attribute is set to the IP address that is used at the R- 
12 side of the EBGP session, 1.0.0.1. 


RTR-A can use this information and route packets to network X by forwarding them to R-12. 
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RTR-A also forwards the BGP update over all its IBGP sessions. It does not change the next- 
hop attribute, so RTR-B, RTR-C, and RTR-D will get information that they can reach network 
X by forwarding packets to 1.0.0.1. But that IP address is not directly connected, so the routers 
must look in their routing tables to see if and how they can reach 1.0.0.1. If the recursive route 
lookup is successful, each router can then route packets to network X in the same direction as it 
would route packets to 1.0.0.1. 


RTR-D also forwards the BGP update about network X to R-14. The connection between these 
routers is an EBGP session, meaning that RTR-D will set the next-hop attribute to its own IP 
address, 3.0.0.2, which is used by RTR-D on the EBGP session toward R-14. 
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Transit Network Using External Next Hops 


This topic explains why all EBGP peers must be reachable by all BGP-speaking routers within 
the transit AS. 


Transit Network Using 
External Next Hops 


¢ All EBGP peers must be reachable by all 
BGP-speaking routers within the AS. 


* EBGP next hops shall be announced using 
the IGP. 


— Redistribute connected interfaces into the IGP 
at the edge routers or 


— Include links to EBGP neighbors into the IGP 
and configure them as passive interfaces 


BGP v3.1—2-10 


All BGP-speaking routers within the AS get information about external networks with the next- 
hop attribute, which is set to the far end of the EBGP sessions reaching the border routers of the 
AS. 


Routers use a recursive routing mechanism when they determine how to forward IP packets 
toward external destinations. When BGP routes are used in the routing table, the router checks 
how it would have reached the next-hop address, and it installs the BGP route with the same 
forwarding indication as for the route that is used to reach the next-hop IP address. 


In order to get the recursive routing to work, the router must resolve all possible next-hop 
references that use information in the routing table, which is already there. The IGP that is used 
within the AS must carry this information. 


One way of making the IGP carry the information that is necessary to resolve the BGP next- 
hop addresses is to make sure that all the border routers, which contain the EBGP sessions, 
redistribute connected subnets into the IGP using the redistribute connected routing protocol 
configuration command. Because EBGP sessions are established between routers using a 
directly connected interface, the far end of the EBGP sessions is an IP address within the 
directly connected subnet. By redistributing the connected interfaces into the IGP, the border 
routers allow next-hop references to be resolvable by all routers within the AS. 


External subnets that are redistributed into the IGP might appear as external IGP routes, 
depending on what IGP is configured within the AS. There exist several scalability issues that 
are associated with external routes in some routing protocols (for example, Open Shortest Path 
First [OSPF] carries each external subnet in a separate link-state advertisement [LSA] object). 
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If route redistribution is not desirable for any reason, an alternative method is to include the 
subnet on which the EBGP session is running in the IGP configuration using the network 
command. To prevent the border router from exchanging IGP routing with the border router of 
the other AS, you must configure the interface as a passive interface. Failure to do so could 
cause the two different autonomous systems to exchange routes using the IGP. In that case, all 
benefits of having separate autonomous systems would be lost. 
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Transit Network Using Edge Routers as Next 
Hops 


This topic describes how to configure edge routers to announce themselves as the next hop in 
IBGP updates. 


Transit Network Using Edge 
Routers as Next Hops 


Alternate design: Next-hop processing is modified at 
the edge routers. 


* Edge routers announce themselves as the next hop in IBGP 
updates. 


* No redistribution of external subnets is necessary. 


* This design might result in suboptimal routing if multiple 
paths to a neighboring AS exist. 


Use default next-hop processing if at all possible. 


BGP v3.1—2-11 


The next-hop attribute is usually not modified by an IBGP peer when the BGP update is 
propagated across IBGP sessions. However, you could configure the BGP router to have a 
different behavior and set its IP address as the next-hop address even when the BGP updates 
are sent across IBGP sessions (emulating behavior on EBGP sessions). If you do configure an 
IBGP router to emulate the behavior of EBGP sessions on the IBGP sessions of the border 
routers, the BGP updates that are received on the EBGP sessions will be forwarded on the 
IBGP sessions and the next-hop attribute will be set to the IP address that is used on the local 
side of the IBGP session. The original next hop, set by the far end of the EBGP session, will be 
lost. 


The receiver of the IBGP information will do recursive routing in the normal way. But the next- 
hop address that is used will be the IP address of the far end of the IBGP session, because the 
border router has changed it. The IP address of the far-end IBGP peer is always known in the 
routing table; otherwise, the IBGP session would not have been established. There is no need 
for the receiver of the IBGP information to have knowledge of how to reach the far end of the 
EBGP session, because that IP address is no longer set as the next hop. 
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Transit Network Using Edge 
Routers as Next Hops (Cont.) 


router (config-router) # 


neighbor ip-address next-hop-self 


* Changes next-hop processing at edge routers 


* Bypasses the BGP next-hop processing and 
announces the local IP address as the BGP next hop 
in outgoing updates sent to the specified neighbor 


° Has to be set on all IBGP neighbors to fully bypass 
IBGP next-hop processing 


BGP v3.1—2-12 


neighbor next-hop-self 


To configure the router as the next hop for a BGP-speaking neighbor or peer group, use the 
neighbor next-hop-self router configuration command. 


m neighbor {ip-address | peer-group-name} next-hop-self 


To disable this feature, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} next-hop-self 


Syntax Description 


Parameter Description 
ip-address IP address of the BGP-speaking neighbor 
peer-group-name Name of a BGP peer group 
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Example 


Transit Network Using Edge 
Routers as Next Hops (Cont.) 


IBGP sessions are running 
from loopback address 2.0.0.7 


Next hop is set to 
local IP address 
on EBGP sessions 


IP address 
1.0.0.1 


Next hop is set to the loopback 
address when next-hop-self is used 


002G_385 


The next-hop attribute is normally not changed on IBGP updates. In the figure, the next-hop- 
self configuration has been used on all IBGP sessions. When the border router forwards the 
incoming EBGP update over an outgoing IBGP session, the border router changes the next-hop 
address to the IP address that is used as the source address of the IBGP session. 


The receiver of IBGP updates will see next-hop information that indicates a destination, which 
might not be directly connected. To resolve this problem, it will check its routing table and see 
if and how the next-hop address can be reached. Then it will route IP packets with destination 
addresses that match the network in the BGP update in the same direction as it would have 
routed an IP packet with the destination address equal to the IP address in the next-hop 
attribute. In this case, it is obvious that the next-hop address can be reached, because the IBGP 
session would not have been established otherwise. 


In the figure, R-12 sends a BGP update about network X. Because it is sending a BGP update 
over an EBGP session to RTR-A, the next-hop attribute is set to the IP address that is used at 
the R-12 side of the EBGP session, 1.0.0.1. 


RTR-A can use this information and route packets to network X by forwarding them to R-12. 


RTR-A also forwards the BGP update on all its IBGP sessions. It changes the next-hop 
attribute to the IP address of its own loopback interface, so RTR-B, RTR-C, and RTR-D will 
get information that they can reach network X by forwarding packets to 2.0.0.7. But that 
address is not directly connected. The routers will inspect the routing table to see if and how 
they can reach 2.0.0.7. They can then route packets to network X in the same direction as they 
would route packets to 2.0.0.7. 
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RTR-D also forwards the BGP update about network X to R-14. This is an EBGP session, 
which means that RTR-D will set the next-hop attribute to its own IP address that is used on 
that EBGP session, 3.0.0.2. 
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Differences Between EBGP and IBGP Sessions 


This topic explains the differences between EBGP and IBGP sessions. 


Differences Between EBGP and 
IBGP Sessions 


° No BGP attributes are changed in IBGP updates. 


* Due to BGP split horizon, routes learned from 
IBGP peer are not advertised to other IBGP peers. 


¢ Local preference and MED attributes are 
propagated only over IBGP sessions. 


° EBGP peers are directly connected; IBGP peers 
are usually distant. 


* Route selection rules slightly prefer EBGP routes. 


Both EBGP and IBGP sessions forward BGP updates, however, they do it in slightly different 
ways: 


The router does not change BGP attributes when an update is sent across an IBGP session, 
unless next-hop-self is configured. When a BGP-speaking router sends an update across an 
EBGP session, the next-hop attribute is always set and the AS number of the router is 
prepended to the AS-path attribute. 


IBGP uses split horizon to prevent routing information loops. EBGP does not use split 
horizon and instead uses the AS path to detect loops. In both cases, a router forwards only 
the best route and never sends a route back on the session from which it was received. But 
IBGP split-horizon rules also prohibit a router from forwarding any information that is 
received on an IBGP session to another IBGP session. 


IBGP border routers will remove the local preference attribute from a BGP route before the 
BGP update is sent over an EBGP session. This difference means that the local preference 
attribute is distributed on IBGP sessions only. 


The multi-exit discriminator (MED) attribute is received from a neighboring AS and 
distributed within the local AS. But when the update is about to be forwarded over another 
EBGP session to a third AS, the information is stripped off. 


Two routers with an EBGP session between them normally establish the session using the 
IP addresses from a common, shared subnet. Using the shared subnet to establish the 
session guarantees that the two routers can exchange IP packets without any IGP running 
between them. Also, recursive routing will always succeed because the next-hop address is 
reachable using a directly connected route. 
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m= IBGP sessions are normally established between all routers in the AS in a full mesh. But all 
routers in an AS might not have physical connections to every other router within the AS. 
Because IBGP sessions are established between routers using IP addresses of different 
subnets, an IGP must be running within the AS in order to establish IBGP sessions. 


= BGP route selection rules slightly favor EBGP routes over equivalent IBGP routes. 
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Example 


Differences Between EBGP and 
IBGP Sessions (Cont.) 


Identical routes are received 
External route is preferred from internal and external peer 


10.0.0.0/8 AS=12 


SV 8/0°0°0'0L 


cL= 


¢ Whenever identical routes are received from IBGP and EBGP 
peers, the route from the EBGP peer is preferred. 


BGP v3.1—2-15 


One of the default goals of transit packet forwarding is to propagate the transit packet toward 
the downstream AS as soon as possible. A border router that receives otherwise equivalent 
routes to the same destination over both an EBGP session and an IBGP session will prefer the 
information that is received through the EBGP session. 


Note Equivalent routes are routes that have equal BGP path attributes used in the BGP route 
selection rules (weight, local preference, AS-path length, origin, MED). 


In the figure, the lower router in AS 42 receives BGP updates about network 10.0.0.0/8 over 
two different paths. One update is received over the EBGP session to AS 12. The other update 
is received over the IBGP session to the upper router in AS 42. All essential attributes are the 
same, so route selection cannot be made easily. 


The lower router in AS 42 realizes that IP packets with destination addresses within network 
10.0.0.0/8 should sooner rather than later leave AS 42. It is better to make them leave the AS 
right away. So the update that was received on the EBGP session is preferred over the update 
that was received on the IBGP session. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
rt | 


* All BGP routing updates carry the mandatory well-known 
attribute AS-path, which lists the autonomous systems 
that the routing update has already crossed. AS-path is 
not changed when the BGP prefix is propagated across 
IBGP sessions. 


Routing information loops within the AS are prevented by 
IBGP split horizon—routing information that is received 
through an IBGP session is never forwarded to another 
IBGP neighbor, only toward EBGP neighbors. 


All BGP routers within an AS must have IBGP sessions 
with every other BGP router in the AS, resulting in a full 
mesh of BGP sessions. 


For stability, the best choice when you are configuring 
IBGP sessions is to establish the session between 
loopback interfaces of BGP routers. 


2004 Cisco Systems, Inc. All rights reserved 


Summary (Cont.) 


The next-hop attribute is typically set to the IP address that the 
sending router is using as its source IP address for an EBGP 
session. Recursive routing is done to resolve the next hop 
inside an AS because the next-hop attribute is not changed on 
IBGP updates. 


In order to get the recursive routing to work, a router must 
resolve all possible next-hop references that use information 
in the routing table. The IGP that is used in the AS must carry 
this information. 


You can configure an edge router to set its IP address as the 
next-hop address even when the BGP updates are sent across 
IBGP sessions. As a result, there is no need for the receiver of 
the IBGP information to know how to reach the far end of the 
EBGP session, because that IP address is no longer set as the 
next hop. 


BGP attributes are not changed when an update is sent across 
an IBGP session, unless next-hop-self is configured. 


ms, Inc. All rights reserve BGP v3.1—2-17 
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References 


For additional information, refer to these resources: 


m= For more information on transit autonomous systems, refer to “BGP Case Studies 1” at the 
following URL: http://www.cisco.com/warp/public/459/bgp-toc.html 


m= For more information on the next-hop attribute, refer to “Using the Border Gateway 
Protocol for Interdomain Routing” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm 
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Forwarding Packets in a 
Transit AS 


Overview 


A transit AS requires interaction between EBGP and IBGP, and between IBGP and an IGP in 
the transit AS. This lesson describes packet forwarding through a transit AS and discusses the 
requirements for successful packet forwarding, such as recursive route lookup and an IGP in 
the transit AS. This lesson concludes with a discussion of the interaction between IBGP and an 
IGP running within the transit AS. 


Relevance 


Configuring a BGP network in a transit services configuration requires special care to ensure 
the consistency of routing information throughout the AS. Understanding the interaction 
between IBGP and EBGP, and between IBGP and an IGP is crucial to successfully configuring 
and troubleshooting the transit autonomous network. 


Objectives 


Upon completing this lesson, you will be able to describe the function of IGP in forwarding 
packets through an AS. This includes being able to meet these objectives: 


Describe packet forwarding in a transit AS 

Explain recursive lookup in Cisco IOS software 

Explain the need for an IGP in a transit backbone that is running BGP on all routers 
Describe interactions between BGP and IGP 


Explain the potential problems that might arise from BGP and IGP interaction 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 
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Outline 


The outline lists the topics included in this lesson. 


Outline 
OO EO ee Cisco.com 


° Overview 
* Packet Forwarding in a Transit AS 
¢ Recursive Lookup in Cisco IOS Software 


* Routing Protocols in a Transit AS 


¢ BGP and IGP Interaction 
¢ Problems with BGP and IGP Interaction 
° Summary 
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Packet Forwarding in a Transit AS 


This topic describes packet forwarding in a transit AS. 


Packet Forwarding in a Transit AS 


RTR-C AS 42 RTR-D 


Router on a transit path needs to know all external | 
destinations for proper packet forwarding 
All core routers need external routers for proper packet 
forwarding. 


* Redistributing can overload IGP resources. 


¢ IBGP is the preferred for scalability. 


When BGP updates have propagated through the transit AS to all neighboring autonomous 
systems, the IP traffic can start to flow. 


Router R-14 will forward to RTR-D IP packets with the destination address matching a 
network in AS 12. RTR-D will check its routing table and find that there is a BGP route for that 
destination. The BGP route has a next-hop reference, which points to the far end of the EBGP 
session between R-12 and RTR-A. So RTR-D once again checks the routing table and finds 
that it should forward the packet to RTR-C in this case. 


Thus, RTR-C receives the IP packet with a destination address indicating a host within AS 12. 
In order to be able to forward this packet, RTR-C must have a matching route in its routing 
table. A default route or gateway of last resort is not appropriate because in the next instant 
RTR-C could receive another packet, coming in from the other direction and destined to AS 14. 


The conclusion is that both RTR-C and RTR-B, to handle all possible cases, must have routing 
information to all the external networks that RTR-A and RTR-D have. The only scalable way 
of providing routers with this information is to update RTR-C and RTR-B with IBGP from both 
RTR-A and RTR-D. 


In theory, the external information that is received by RTR-A and RTR-D could be 
redistributed by these ingress routers into the IGP in use within the transit AS. However, no 
IGP can handle the volume of information that BGP can. So there would always be a risk that 
the IGP would break because of information overload, causing a total network meltdown in the 
AS. The volume of routing information that is carried by BGP in the contemporary Internet has 
long ago passed the limits for what it is possible to carry in any IGP. 
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Packet Forwarding in a Transit AS (Cont.) 
——————— ee Sint ee | 


¢ Routes learned via BGP do not have outgoing interface 
associated with them in the routing table. 


¢ Recursive lookup is performed to forward IP packets toward 
external destinations. 


No outgoing interface 


wg3pe2# show ip route 128.51.0.0 
Routing entry for 128.51.0.0/16 
Known via "bgp 5", distance 200, metric 0 
Tag 99, type internal 
Last update from 192.168.5.1 01:21:25 ago 
Routing Descriptor Blocks: 
* 192.168.5.1, from 192.168.5.1, 01:21:25 ago 
Route metric is 0, traffic share count is 1 


AS Hops 5 
wg3pe2# show ip route 192.168.5.1 — Route toward BGP next-hop | 
Routing entry for 192.168.5.1/32 
Known via "ospf 1", distance 110, metric 1563, type intra area 
Redistributing via ospf 1, rip 
Advertised by rip metric 3 
Last update from 192.168.5.17 on Serial1/0.121, 02:09:15 ago 
Routing Descriptor Blocks: 
* 192.168.5.17, from 192.168.5.1, 02:09:15 ago, via Serial1/0.121 
Route metric is 1563, traffic share count is 1 


BGP next-hop Outgoing interface 


002G_112 
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A BGP route is installed in the IP routing table of a router only if the IP address in the next-hop 
attribute is reachable according to the information already in the routing table. The installed 
BGP route contains a reference to that next-hop address. So, the network will be reachable via 
an IP address, which may or may not be directly connected. Because there is no clear reference 
to a physical interface, the BGP route is installed in the IP routing table without any 
information about outgoing interface. 


The router must evaluate the recursive reference to the BGP next hop sooner or later in order to 
allow packet forwarding toward external destinations. The point in time when the recursive 
reference is resolved is dependent upon the IP switching mechanism that is used by the router. 
At the latest, the router performs the recursive route lookup when an IP packet with a 
destination address that matches the BGP route should be forwarded. The router determines 
which outgoing interface should be used and which Layer 2 address to assign (if applicable). 
The router creates a cache entry so that successive IP packets to the same destination can be 
routed using the same outgoing interface and Layer 2 address. 
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Recursive Lookup in Cisco IOS Software 


This topic explains how recursive lookup functions in Cisco IOS software. 


Recursive Lookup in Cisco 1OS Software 


Entries in routing table are built from BGP table 
Outgoing interface is never associated with a BGP route 


Recursive lookup is performed to forward 
the packet toward external destination 


Other attr. 


Next-hop | Outgoing interface 
1.2.3.4 


IP routing 
table 


Ethernet 0 
Ethernet 0 


L2 header 


Switching .0.0. MAC header 
cache 


Lookup result 
is stored in 


IP address | MAC address switching cache 


ARP cache 0c.00.11.22.33.44 
ARP cache lookup is performed 
to build Layer 2 header 
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The figure here presents the steps in the recursive lookup process in Cisco IOS software. The 
router has received a BGP update about network 10.0.0.0/8. It was associated with an AS-path 
attribute set to 42 13, a next-hop attribute set to the IP address 1.2.3.4, and a community value 
37:12. Some other attributes were also carried with the update. 


Because the next-hop address 1.2.3.4 is reachable according to the routing table, the BGP route 
is also installed in the routing table. Network number, subnet mask, and next-hop attributes are 
inherited from the BGP table. No outgoing interface is assigned. 


When an IP packet with a destination in network 10.0.0.0 is received, the router searches the 
routing table and finds the installed BGP route. The router takes the indicated next-hop address 
1.2.3.4 and searches the routing table again. It will now find a match with the Open Shortest 
Path First (OSPF) route to subnet 1.2.3.0/24. The 1.2.3.0/24 route has an outgoing interface set 
to interface Ethernet 0 and a next hop set to 1.5.4.1, meaning that packets that are destined for 
network 10.0.0.0 should be forwarded via 1.5.4.1, which is directly reachable over Ethernet 0. 
The Address Resolution Protocol (ARP) table is used to find the MAC address for IP address 
1.5.4.1. The MAC address is used to forward the IP packet to network 10.0.0.0 out the Ethernet 
O interface. The MAC header is stored in the cache for successive packets to network 10.0.0.0. 


Note This example illustrates the recursive lookup performed when the router uses cache-based 
IP switching mechanisms; for example, fast switching or optimum switching. See the next 
figure for more information on the differences between Cisco Express Forwarding (CEF) and 
the cache-based switching mechanisms. 
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Recursive Lookup in Cisco lOS 
Software (Cont.) 


* Traditional Cisco IOS software switching 
mechanisms perform recursive lookup when 
forwarding the first packet. 

— Fast switching, optimum switching. 

° CEF precomputes the routing table. 


— All recursive lookups are performed while the 
routing table is built. 
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Traditional Cisco IOS switching mechanisms used the traffic-driven, cache-based switching 
approach. Both fast switching and optimum switching populate the IP switching cache on 
demand, meaning that before any IP packets are forwarded, the cache is empty. After the first 
packet to a specific destination arrives, all routing table lookups are done, including recursive 
lookup in the case of a BGP route. The result of the lookup is cached for later use when 
successive packets to the same destination arrive. The process is repeated for every specific 
destination. 


CEF prebuilds a complete IP forwarding table (called the Forwarding Information Base [FIB]) 
that is based on the IP routing table. After the router installs a routing entry into its routing 
table, incoming routing information updates trigger the recursive lookup, and the outgoing 
interface and the actual physical next hop of the route are determined. MAC address resolution 
and MAC header generation are still traffic-driven and stored in the cache. 
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Routing Protocols in a Transit AS 


This topic explains the need for an IGP in a transit backbone that is running BGP on all routers. 


Routing Protocols in a Transit AS 


All core routers 
are running IBGP 


RTR-C AS 42 RTR-D 


002G_114 


With IBGP running on all core routers, is an IGP still 
needed in the core? 


* An IGP is needed to resolve BGP next hops and perform 
fast convergence after a failure in the core network. 


Some network designers base their network design on the wrong assumption that an internal 
routing protocol is not needed in a transit AS where all routers run BGP. However, the internal 
routing protocol is still needed inside an AS for two reasons: 


m= To provide routing information that is needed to establish the IBGP sessions 


m To resolve next-hop references (recursive routing) 


For example, when RTR-D in the example here receives an IP packet with the destination in 
AS 12, it will do a recursive lookup to find the outgoing interface to be used for packet 
forwarding. It performs the recursive lookup based on IGP information. If there is suddenly an 
internal problem within AS 42, and the next-hop address is reachable a different way, the IGP 
will determine this fact. The IGP route to the next-hop network will be changed by the router 
because of newly received IGP route information, and all cache entries that rely on the old 
information will be invalidated. The next recursive lookup that RTR-D performs will now 
indicate a different outgoing interface than before the problem occurred. 


During the IGP convergence process, the BGP routing is not affected. The only routing updates 
that are exchanged during the transit AS convergence are IGP updates describing how to reach 
internal destinations (including the far ends of the EBGP sessions). 


The packet forwarding to external destinations thus benefits from the high-speed convergence 
that is offered by the IGP. The faster the IGP determines that it should use an alternate path 
within the AS to reach the next-hop address, the faster it will re-establish IP connectivity 
toward external destinations. 
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The conclusion is that an IGP is still needed inside a transit AS, and the network will work 
better if it is an IGP with fast convergence. 


Routing Protocols in a Transit AS (Cont.) 
Cis cor 


¢ Core routers need to run BGP and an IGP. 
¢ BGP carries all external routes. 


¢ The IGP propagates BGP next hops and other core 
subnets only. 


¢ All customer routes are also carried in BGP. 


— Reduces IGP topology database 


—Removes customer-caused route flaps from IGP; 
IGP becomes more stable 


Both BGP and the configured IGP should be configured on all core routers inside the transit 
AS. The IGP should carry as little information as possible—ideally only the links within the 
core network, the loopback interfaces, and the external subnets that are used in EBGP sessions 
with neighboring autonomous systems. This information is enough to establish IBGP sessions 
and resolve next-hop addresses. The IGP will also work better if it carries less routing 
information. 


No routes external to the transit AS should ever be redistributed by any router from BGP into 
the IGP. All external routes should be in BGP only. 


In autonomous systems that provide customer connectivity (not only transit service), it is also 
highly recommended that the customer networks be carried in BGP in order to reduce the 
amount of information in the IGP and increase IGP stability. 
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BGP and IGP Interaction 


This topic describes the interaction between BGP and IGPs in a transit AS. 


BGP and IGP Interaction 


Ideally, there will be no interaction between BGP 
and the IGP. 


* BGP carries external and customer routes. 
* The IGP carries only core subnets. 
° The IGP is not affected by external route flaps. 


° BGP is not affected by failures internal to the 
network as long as the BGP next hop remains 
reachable. 


* The only link between BGP and the IGP should be 
the recursive lookup. 


Ideally, BGP and the IGP carry two different sets of routing information. BGP carries those 
routes that are received from other autonomous systems and those routes that belong to the 
local AS and should be announced to other autonomous systems. The IGP carries only enough 
information to establish IBGP sessions and resolve the EBGP next-hop addresses via the IGP 
routing tables. 


The IGP will provide reachability toward the BGP next-hop addresses only if it is not disturbed 
by external updates from other autonomous systems. 


BGP should take care of the external information. As long as the IGP finds a usable way to the 
BGP next hops, the BGP does not need to do any recalculation because of internal problems 
within the AS. 
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BGP and IGP Interaction (Cont.) 
ee ee Sinetenn | 


Sometimes, BGP and the IGP will propagate 
the same route. 
* Usually due to bad network design. 


¢ In this case, routes are determined in 
EBGPIIGP/IBGP order based on administrative 
distances of the routes. 


Routing protocol Default administrative 
distance 
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Sometimes the interaction between BGP and the IGP is not ideal due to a number of reasons, 
including bad network design. In the worst case, the same networks might be carried in both the 
IGP and in BGP. For example, the subnets connecting the AS with neighboring autonomous 
systems have to be announced via the IGP to enable next-hop resolution but may also be 
announced via BGP by the remote AS or the local AS. In any case, information about the same 
IP prefix will appear in both the IGP and the BGP data structures. 


When the router installs routing information into the routing table, it checks to see whether 
there are several sources of information for a particular IP prefix. If so, the router will install 
the information that it determines is most reliable. The administrative distance (AD) determines 
which source to use. 


BGP considers both EBGP and IBGP routes in the BGP selection process. BGP will therefore 
never try to install both an EBGP route and an IBGP route for the same destination. 
Comparison between ADs will thus occur only when two different protocols carry the same 
destination network. 


If BGP selects an EBGP route as the best route for a given destination network, it will try to 
install that route with a very low AD, meaning that routes that are learned via EBGP have a 
high likelihood of being installed in the routing table. 


If BGP selects an IBGP route as the best, it will try to install it with a high AD, meaning that 
routes that are learned via IBGP have a low likelihood of being installed in the routing table. 


All IGPs, such as Enhanced Interior Gateway Routing Protocol (EIGRP), OSPF, Intermediate 
System-to-Intermediate System (IS-IS), and so on, have a medium likelihood of being installed. 
The ADs for IGPs fall between the ADs of EBGP and IBGP. 


Note The reason for giving EBGP a low default AD is because EBGP indicates routes external to 
the local AS. IP packets with destination addresses to those networks should leave the AS 
sooner rather than later. It is, in most cases, better that they leave the AS right away. 
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Problems with BGP and IGP Interaction 


This topic explains the potential problems that might arise from BGP and IGP interaction. 


Problems with BGP and IGP Interaction 
ee Cisco.com 


If an IGP route is learned through EBGP, the 
EBGP route will take precedence. 


* Potential causes: Bad network design, routing 
problems, or denial-of-service attack. 


* Protect IGP routes with inbound prefix-list filters at 
AS edges. 


¢ Routers should never accept information about 
local subnets from an external source. 


If routing information about the same IP prefix is learned via both EBGP and an IGP, the router 
will use the EBGP information. If an external AS is feeding the local AS with EBGP routes that 
actually should be local, routers within the AS will erroneously forward IP packets that are 
destined to those local networks out of the local AS. 


There are several potential reasons for this behavior; the most common is that the remote AS is 
improperly configured or there is a denial-of-service (DoS) attack. To protect a local AS from 
this undesired behavior, network administrators should install inbound filters on all EBGP 
sessions to filter incoming routes and reject routing information about networks that are 
actually local to the AS. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
isc cr 


* The only scalable way to ensure external destinations 
are reachable from inside the transit AS is through IBGP. 


* Arecursive lookup is performed in BGP to resolve the 
forwarding path reference of the next-hop attribute. 


* Packet forwarding to external destinations benefits from 


the high-speed convergence offered by an IGP; 
therefore, an IGP is still needed inside a transit AS. 


* The IGP should provide reachability toward BGP next- 
hop addresses only if they are not disturbed by external 
updates from other autonomous systems (those are 
handled by BGP). 


* IP packets could be erroneously forwarded out of the 
local AS if an external AS accidentally (or by intent: DoS) 
feeds the local AS with EBGP routes that should be local. 


References 


For additional information, refer to this resource: 


m= For more information on transit autonomous systems, refer to “BGP Case Studies 1” at the 
following URL: http://www.cisco.com/warp/public/459/bgp-toc.html 
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Configuring a Transit AS 


Overview 


Specifying an AS as a transit backbone introduces specific requirements in the design, scaling, 
and configuration of BGP. This lesson introduces the configuration requirements of IBGP to 
implement a transit AS. Configuration details of IBGP are discussed in this lesson, including 
IBGP neighbor configuration, using loopback interfaces for IBGP neighbors, disabling BGP 
synchronization, and modifying the default ADs of BGP. This lesson concludes with a 
discussion of the scalability concerns of BGP in the transit backbone. 


Relevance 


Configuring a BGP network in a transit services configuration requires special care to ensure 
consistency of routing information throughout the AS. Understanding the configuration 
requirements for a transit backbone is crucial to successfully implementing the transit 
autonomous network. 


Objectives 


Upon completing this lesson, you will be able to identify the configuration requirements for a 
transit AS. This includes being able to meet these objectives: 


m Identify the Cisco IOS commands that are required to configure IBGP neighbors 


m= Identify the Cisco IOS command that is required to configure IBGP sessions between 
loopback interfaces 


m Identify the Cisco IOS command that is required to configure BGP synchronization to 
ensure successful IBGP operation of the transit AS 


m Identify the Cisco IOS command that is required to change the AD of BGP routes 
m Identify the scalability limitations of IBGP-based backbones 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


™ Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 
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Outline 


The outline lists the topics included in this lesson. 


Outline 

eee Cisco.com | 
° Overview 
° Configuring IBGP Neighbors 


¢ Configuring IBGP Sessions Between 
Loopback Interfaces 


¢ Configuring BGP Synchronization 


¢ Changing the Administrative Distance of BGP 
Routes 


¢ Scalability Limitations of IBGP-Based Transit 
Backbones 


° Summary 
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Configuring IBGP Neighbors 


This topic lists the Cisco IOS commands that are required to configure IBGP neighbors in an 
AS. 


Configuring IBGP Neighbors 


router (config-router) # 


neighbor ip-address remote-as as-number 


* Configures BGP neighbor. 


° The AS number configured determines whether the 
session is an EBGP session (neighbor AS is different 
from local AS) or IBGP session (Same AS number). 


router (config-router) # 


neighbor ip-address description text 


* Attaches optional description to a neighbor. 


BGP v3.1—2-3 


Configuring an IBGP neighbor involves two simple steps: 
= Configure a BGP neighbor, specifying the same AS number 


m Optionally, attach a description to the neighbor to help in documentation and 
troubleshooting efforts 
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neighbor remote-as 


To add an entry to the BGP neighbor table, use the neighbor remote-as router configuration 
command. 


m= neighbor [ip-address | peer-group-name] remote-as as-number 


To remove an entry from the table, use the no form of this command. 


= no neighbor [ip-address | peer-group-name] remote-as as-number 


Syntax Description 


Parameter Description 

ip-address Neighbor IP address 
peer-group-name Name of a BGP peer group 
as-number AS to which the neighbor belongs 


neighbor description 


To associate a description with a neighbor, use the neighbor description router configuration 
command. 


m neighbor [ip-address | peer-group-name]description text 


To remove the description, use the no form of this command. 


= no neighbor [ip-address | peer-group-name] description text 


Syntax Description 


Parameter Description 
ip-address Neighbor IP address 
peer-group-name Name of a BGP peer group 
text Text (up to 80 characters) that describes the neighbor 
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Configuring IBGP Sessions Between Loopback 
Interfaces 


This topic presents the Cisco IOS command that is required to configure IBGP sessions 
between loopback interfaces on routers in a common AS. 


Configuring IBGP Sessions Between 
Loopback Interfaces 


router (config-router) # 


neighbor ip-address update-source interface 


* Configures the source interface for the TCP session 
that carries BGP traffic. 


* For IBGP sessions, the source interface is a loopback 
address. 


* Source address configured on one peering router 
must match the destination address configured on 
the other—BGP session will not start otherwise. 


¢ Make sure that your loopback interfaces are 
announced in the backbone IGP. 


When a BGP session is established between two routers, both routers attempt to set up the TCP 
connection by sending TCP SYN packets to each other. If both succeed, one of the sessions 
will be brought down so only one remains. The TCP packets have a destination IP address that 
is configured with the neighbor command. But they must also have a source IP address 
assigned. If no update source is configured, the router will set the source IP address of the 
outgoing TCP session to the IP address of the outgoing physical interface. 


When a TCP SYN packet with the BGP well-known port number arrives at the peer router, the 
receiver checks if the connection attempt is coming from one of the configured peers. If the 
source IP address is not in the list of configured neighbors, the receiver denies the connection 
attempt. 


As a general rule, IBGP sessions should be established between loopback interfaces of BGP- 
speaking routers. The destination IP address that is configured in the neighbor statement should 
therefore be the IP address of the loopback interface of the peer router. But the local router 
must also make sure that the source address of the outgoing TCP connection attempt is the IP 
address that the peer router has listed. Configuring BGP neighbors using neighbor update- 
source ensures that the source address of the outgoing TCP connection is correct by referring to 
the interface that has the correct IP address. Normally, this interface is the loopback interface of 
the local router. 
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neighbor update-source 


To instruct Cisco IOS software to allow IBGP sessions to use any operational interface for TCP 
connections, use the neighbor update-source router configuration command. 


m neighbor [ip-address | peer-group-name] update-source interface 


To restore the interface assignment to the closest interface, which is called the “best local 
address,” use the no form of this command. 


= no neighbor [ip-address | peer-group-name] update-source interface 


Syntax Description 


Parameter Description 
ip-address Neighbor IP address 
peer-group-name Name of a BGP peer group 
interface Loopback interface 
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Configuring BGP Synchronization 


This topic presents the Cisco IOS command that is required to configure BGP synchronization 
to ensure successful IBGP operation of a transit AS. 


Configuring BGP Synchronization 


router (config-router) # 


no synchronization 


* Disables synchronization between BGP and an IGP. 


* Modern transit autonomous systems do not need 
synchronization because they do not rely on 
redistribution of BGP routes into an IGP. 


* BGP synchronization has to be disabled in modern 
transit AS designs on all BGP routers. 


BGP v3.1—2-5 


The BGP synchronization rule states that if an AS provides transit service to another AS, BGP 
should not advertise a route until all of the routers within the AS have learned about the route 
via an IGP. Network designers used synchronization in older transit AS designs that relied on 
BGP route redistribution into the IGP. Modern AS designs do not rely on this feature anymore 
because the number of routes carried in the Internet exceeds the scalability range of any known 
IGP. Redistribution into the IGP is thus no longer applicable, and you must disable the 
synchronization feature for your transit AS to work. 


synchronization 


To enable the Cisco IOS software to advertise a network route without waiting for the IGP (that 
is, to disable synchronization between BGP and your IGP), use the no form of the 
synchronization command. Note that in Cisco IOS Release 12.2(8)T and later, the default 
changed to disable synchronization. 


= no synchronization 


Syntax Description 


This command has no arguments or keywords. 
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Changing the Administrative Distance of BGP 
Routes 


This topic presents the Cisco IOS command that is required to change the AD of BGP routes. 


Changing the Administrative 
Distance of BGP Routes 


router (config-router) # 


distance bgp external internal local 


¢ Sets administrative distance for EBGP, IBGP, and 
local routes. 


* Applies only to routes received after the command 


has been entered (similar to filters). 


¢ Defaults: EBGP routes have a distance of 20; IBGP 
and local routes have a distance of 200. 


¢ Defaults are usually OK; do not change them. 
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distance bgp 


To allow the use of external, internal, and local ADs that could be a better route to a node, use 
the distance bgp router configuration command. 


m distance bgp external-distance internal-distance local-distance 


To return to the default values, use the no form of this command. 


™ no distance bgp external-distance internal-distance local-distance 


Syntax Description 


Parameter 


external-distance 


Description 


AD for BGP external routes. External routes are routes for which 
the best path is learned from a neighbor external to the AS. 
Acceptable values are from 1 to 255. The default is 20. Routes 
with a distance of 255 are not installed in the routing table. 


internal-distance 


AD for BGP internal routes. Internal routes are those routes that 
are learned from another BGP entity within the same AS. 
Acceptable values are from 1 to 255. The default is 200. Routes 
with a distance of 255 are not installed in the routing table. 


local-distance 


Copyright © 2004, Cisco Systems, Inc. 


AD for BGP local routes. Local routes are those networks that are 
listed with a network router configuration command, often as back 
doors (BGP back door makes the IGP route the preferred route) 
for that router or for networks that are being redistributed from 
another protocol. Acceptable values are from 1 to 255. The 
default is 200. Routes with a distance of 255 are not installed in 
the routing table.t 
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Scalability Limitations of IBGP-Based Transit 
Backbones 


This topic identifies the scalability limitations of IBGP-based backbones. 


Scalability Limitations of IBGP-Based 
Transit Backbones 


Transit backbone requires IBGP full mesh 
between all core routers. 

e Large number of TCP sessions 

e Unnecessary duplicate routing traffic 


Two scalability solutions: 
¢ Route reflectors 
¢ BGP confederations 


IBGP split-horizon rules, as documented in previous lessons, mandate an IBGP connection 
between every border router and every other BGP router in an AS. 


The general design rule in IBGP design is to have a full mesh of IBGP sessions. But, a full 
mesh of IBGP session between n number of routers would require (n * (n-1)) / 2 IBGP 
sessions. For example, a full mesh between 10 routers would require (10 * 9) / 2 = 45 IBGP 
sessions. 


Because every IBGP session on a router uses a separate TCP session, an update that must be 
sent by the router to all IBGP peers must be sent on each of the TCP sessions. If a router is 
attached to the rest of the network over just a single link, this single link has to carry all TCP/IP 
packets for all IBGP sessions. This situation results in duplication of the update over the single 
link. 


Two different solutions are available: 


m= The route reflector solution modifies the IBGP split-horizon rules and allows a particular 
router to forward (under certain conditions) incoming IBGP updates to a select group of 
IBGP neighbors. The router performing this function is the “route reflector.” 


m The BGP confederations solution introduces the concept of a number of smaller 
autonomous systems within the original AS. These smaller autonomous systems exchange 
BGP updates between themselves using intra-confederation EBGP sessions. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


isc cor | 


* To configure an IBGP neighbor, use the neighbor command, 


Reference 


For 


Summary 


specifying a remote AS number matching the AS number 
of the local router. 


When you configure IBGP sessions between loopback 
interfaces, the interfaces must be announced in the 
backbone IGP. 


You should disable BGP synchronization in all modern 
transit AS designs on all BGP routers. 


Although you can change the administrative distances of 
BGP routes, you typically should not change the default 
settings for EBGP (20) and IBGP (200). 


The full-mesh IBGP requirement in the transit AS creates 
scalability issues in the number of TCP sessions and 
unnecessary, duplicate routing traffic. IBGP scalability 
solutions to these issues exist. 


S 


additional information, refer to these resources: 


For more information on transit autonomous systems, refer to “BGP Case Studies 1” at the 


following URL: http://www.cisco.com/warp/public/459/bgp-toc.html 


For more information on BGP solutions for scaling IBGP, refer to “BGP Case Studies 4” at 


the following URL: http://www.cisco.com/warp/public/459/bgp-toc.html#case4 


Next Steps 


For the associated lab exercise, refer to the following section of the course Lab Guide: 
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Monitoring and 
Troubleshooting IBGP ina 
Transit AS 


Overview 


Introduction of a transit backbone into a BGP network can create unique troubleshooting 
challenges. This lesson introduces IBGP monitoring commands and troubleshooting techniques 
for solving the most common IBGP problems that you might encounter in a transit backbone. 
Common problems with IBGP, as discussed in this lesson, occur when IBGP sessions do not 
reach the “Established” state, when routing information that is received via IBGP is never 
selected, and when the best BGP route is never installed in the routing table. 


Relevance 


Configuring a BGP network in a transit services configuration requires special care to ensure 
consistency of routing information throughout the AS. Understanding the tools and techniques 
to monitor and troubleshoot problems in the transit backbone is crucial to successfully 
implementing and maintaining the transit autonomous network. 


Objectives 


Upon completing this lesson, you will be able to verify proper IBGP operations and perform 
the steps to correct basic IBGP configuration errors. This includes being able to meet these 
objectives: 


m= Identify the Cisco IOS commands that are required to monitor IBGP operation 
m= Identify common IBGP configuration problems 

m= ‘Troubleshoot IBGP session startup issues 

m= Troubleshoot IBGP route selection issues 


m= Troubleshoot IBGP synchronization issues 
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Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
— eS ci] 


° Overview 

° Monitoring IBGP 

* Common IBGP Problems 

° Troubleshooting IBGP Session Startup Issues 


° Troubleshooting IBGP Route Selection Issues 


° Troubleshooting IBGP Synchronization Issues 
° Summary 
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Monitoring IBGP 


This topic lists the Cisco IOS commands that are required to monitor IBGP operation. 


Monitoring IBGP 


Cisco.com | 


router> 
show ip bgp neighbors 


* Displays whether a neighbor is an IBGP neighbor 


router> 
show ip bgp 


¢ Uses a Special marker (i) for IBGP routes 


router> 
show ip bgp prefix 


* Displays whether the prefix is an IBGP route 
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show ip bgp neighbors 


To display information about the TCP and BGP connections to neighbors, use the show ip bgp 
neighbors EXEC command. 


m= show ip bgp neighbors [ip-address] [received-routes | routes | advertised-routes | {paths 
regular-expression} | dampened-routes] 


Syntax Description 


Parameter Description 

ip-address (Optional) Address of the neighbor to display neighbor 
information about. If you omit this argument, all neighbors are 
displayed. 

received-routes (Optional) Displays all received routes (both accepted and 


rejected) from the specified neighbor. 


routes (Optional) Displays all routes that are received and accepted. The 
display output when you are using this keyword is a subset of the 
output from the received-routes keyword. 


advertised-routes (Optional) Displays all the routes that the router has advertised to 
the neighbor. 

paths regular- (Optional) Regular expression that the router uses to match the 

expression paths that are received. 

dampened-routes (Optional) Displays the dampened routes to the neighbor at the 


IP address that is specified 


show ip bgp 
To display entries in the BGP routing table, use the show ip bgp EXEC command. 


m= =show ip bgp [network] [network-mask] [longer-prefixes] 


Syntax Description 


Parameter Description 
network (Optional) Network number that is entered to display a particular 
network in the BGP routing table 
network-mask (Optional) Displays all BGP routes that match the address-mask 
pair 
longer-prefixes (Optional) Displays the route and more specific routes 
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Example 


Monitoring IBGP (Cont.) 


router# show ip bgp neighbor 192.168.3.101 
BGP neighbor is 192.168.3.101, remote AS 3, internal link 
BGP version 4, remote router ID 192.168.3.101 
BGP state = Established, up for 00:56:08 
Last read 00:00:08, hold time is 180, keepalive interval is 60 seconds 
Neighbor capabilities: 
Route refresh: advertised and received 
Address family IPv4 Unicast: advertised and received 
Received 82 messages, 0 notifications, 0 in queue 
Sent 97 messages, O notifications, 0 in queue 
Route refresh request: received 0, sent 0 
Minimum time between advertisement runs is 5 seconds 
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BGP v3.1—2-4 


The show ip bgp neighbors command displays whether a router is running an IBGP (internal) 
or EBGP (external) session with a BGP neighbor. The indication is given by the “internal link” 
phrase (marked white in the second line of the figure). 
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Monitoring IBGP (Cont.) 


router# show ip bgp 197.99.1.0 
BGP routing table entry for 197.99.1.0/24, version 3 
Paths: (1 available, best #1) 
Advertised to non peer-group peers: 
192.168.3.103 
99 
192.168.21.99 (metric 20) from 192.168.3.101 (192.168.3.101) 
Origin IGP, metric 0, localpref 100, valid, internal, best 
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The show ip bgp prefix command displays whether a BGP route was received from an IBGP 
(internal) or EBGP (external) neighbor. The indication is given by the word “internal” that is 
displayed in the last line of the printout (marked white in the last line of the figure). 
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Common IBGP Problems 


This topic identifies configuration problems that are common to IBGP implementations. 


Common IBGP Problems 


° IBGP sessions will not start. 


° IBGP route is in the BGP table, but is not 
selected. 


° IBGP route is selected, but is not entered in 
the routing table. 


Troubleshooting the BGP configuration of a transit AS can be cumbersome, because there are a 
number of common pitfalls that you might encounter. The next three topics give you 
troubleshooting advice for these three common problems: 


m= IBGP sessions do not reach the Established state. 
™ Routing information that is received via IBGP is never selected. 


m The best BGP route is never installed in the routing table. 
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Troubleshooting IBGP Session Startup Issues 


This topic describes how to troubleshoot IBGP session startup issues. 


Troubleshooting IBGP Session Startup 


Issues 
_ Oe Cisco.com 


Symptom: 
° IBGP session does not start. 


Diagnosis: 


° IBGP session is run between loopbacks, and 
update-source keyword is missing. 


Verification: 


¢ Use debug ip tcp transactions. You should see BGP 
sessions coming from unexpected IP addresses. 


A common mistake when you are configuring IBGP sessions is to forget the neighbor update- 
source loopback 0 configuration command. 


When you are configuring IBGP neighbors on the router, it is easy to remember to make a 
correct reference to the loopback interface of the remote router. But it is equally important to 
make sure that the correct source IP address of the outgoing TCP session is set. The peer router 
will not accept the session if the incoming source address does not match the peer router list of 
IBGP neighbors. 


To verify that this situation is the problem, use the debug ip tcp transactions command. The 
output of the debug ip tcp transactions command should display TCP SYN packets coming 
from unexpected IP addresses on the receiving router and TCP sessions being reset with TCP 
RST packets on the sending (misconfigured) router. 
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Troubleshooting IBGP Session Startup 
Issues (Cont.) 


Symptom: 

° IBGP session does not start. 
Diagnosis: 

¢ Loopback interfaces are not reachable. 
Verification: 


* Do extended ping between loopback addresses to 
verify reachability. 
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An IBGP session between two routers can be established from the loopback interface of one 
router to the loopback interface of the other router only if the two routers can exchange IP 
packets using those addresses as source and destination. This exchange is possible only if the 
IGP carries the subnets that are assigned to each of the loopback interfaces. 


When you are verifying the reachability with the ping command, make sure that the ping 
packets are sourced from the loopback interface. Use an extended ping and explicitly refer to 
the IP address of the loopback interface to ensure that packets are sourced from the loopback 


interface. 
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Troubleshooting IBGP Session Startup 
Issues (Cont.) 


Symptom: 
¢ IBGP session does not start. 
Diagnosis: 


° Packet filters prevent establishment of BGP 
sessions. 


Verification: 


¢ Use debug ip tcp transactions and debug ip icmp to 
see whether the initial TCP SYN packets are 
rejected. 
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Packet filters can stop the BGP sessions. The path between the two BGP peer routers must be 
free from filters blocking the BGP traffic. 


BGP runs on the well-known TCP port 179. Both routers will make connection attempts to that 
destination port. They will use a high-numbered TCP port as source. It is enough that one of the 
connection attempts succeeds. But for better performance during recovery from network 
failure, both attempts should have the possibility to succeed. If both attempts do succeed, one 
of the connections will be brought down. 
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Troubleshooting IBGP Route Selection Issues 


This topic describes how to troubleshoot IBGP route selection issues. 


Troubleshooting IBGP Route Selection 


Issues 
ee  (iseo.com | 


Symptom: 


¢ An IBGP route is in the BGP table but is never 
selected as the best route. 


Diagnosis: 


* The BGP next hop is not reachable. 


Verification: 
¢ Use show ip bgp prefix to find the BGP next hop. 
¢ Use show ip route to verify next-hop reachability. 


A BGP update can be used by the router to reach network destinations only if the next-hop 
address specified in the BGP update is reachable. A BGP update that refers to a next hop that is 
currently not reachable according to the routing table will be saved in the BGP table, but it 
cannot be installed by the router into its routing table. If the next-hop address later becomes 
reachable, the BGP route will become a candidate route that could be used by that router for 
packet forwarding to that destination. 


To verify the next-hop reachability, check the BGP route in the BGP table by using the show ip 
bgp prefix command. The next hop is referred to as “inaccessible” if it is not currently 
reachable according to the routing table. 


A common mistake is to forget to let the IGP announce the reachability of subnets that 
physically connect the local AS with a neighboring AS. These subnets are used by the router to 
establish the EBGP session, and the next hop that is received in an incoming BGP update will 
be the far end of the EBGP session. If all routers in the local AS do not have a path to that 
subnet, the next-hop address will be inaccessible. 


Prevent this problem by including the subnet that links the transit AS to neighboring 
autonomous systems in the IGP by using either the redistribute connected command or the 
network and passive-interface configuration commands. 
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Troubleshooting IBGP Synchronization Issues 


This topic describes how to troubleshoot IBGP synchronization issues. 


Troubleshooting IBGP Synchronization 


Issues 
EO Cisco.com 


Symptom: 


e An IBGP route is selected as the best route but not 
entered into the IP routing table. 


Diagnosis: 


¢ BGP synchronization is not disabled. 


Verification: 


* Disable BGP synchronization, clear the BGP 
sessions, and re-examine the IP routing table after 
the BGP table becomes stable. 


In old BGP designs, redistribution between BGP and an IGP was common practice, and these 
protocols had to be synchronized to ensure proper packet forwarding. In modern designs, 
redistribution is no longer used and the synchronization has to be turned off. However, the 
default value is to have synchronization enabled. 


Routers with BGP synchronization enabled will not be able to install IBGP routes in the routing 
table or propagate them to other EBGP neighbors. 


Fix this problem by configuring no synchronization in the router BGP configuration. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
isc cr 


You can use the show ip bgp neighbors and show ip bgp prefix 
commands to monitor IBGP. 


Common IBGP configuration problems include a session 
not in the Established state and issues with injecting routes 
into the IP routing table. 


One common session startup issue is to use the loopback 
as an IBGP peer without issuing the update-source 
configuration command. Another common session startup 
issue is the presence of a filter. 


It is important to include the subnet linking the transit AS to 
an external AS in the IGP to prevent the BGP next hop from 
being unreachable. 


Routers with BGP synchronization enabled will not be able 
to install IBGP routes in the routing table or propagate them 
to other EBGP neighbors. 


Inc. Alll rights reserve 


References 


For additional information, refer to these resources: 


= For more information on troubleshooting IBGP, refer to “Troubleshooting IP Connectivity 
and Routing Problems” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/cisintwk/itg_v1/tr1907.htm#xtocid27 


m= For more information on configuring and monitoring IBGP, refer to “Configuring BGP” at 


the following URL: 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1 
cfbgp.htm 
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Lesson Assessments 


Overview 


Use the lesson assessments here to test what you learned in this module. The correct answers 
and solutions are found in the Lesson Assessment Answer Key. 


Outline 
This section includes these assessments: 
@ Quiz 2-1: Working with a Transit AS 
® Quiz 2-2: Interacting with IBGP and EBGP in a Transit AS 
@ Quiz 2-3: Forwarding Packets in a Transit AS 
@ Quiz 2-4: Configuring a Transit AS 
@ Quiz 2-5: Monitoring and Troubleshooting IBGP in a Transit AS 
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Quiz 2-1: Working with a Transit AS 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


2-72 


m List the functions of a transit AS 

m Describe external route propagation between autonomous systems in a BGP network 
m= Describe internal route propagation within a BGP AS 

m Explain how transiting packets are forwarded inside a transit AS 

m Explain the need for deploying IBGP on all core routers 


Answer these questions: 


Q1) Why is IBGP a mandatory component of a transit AS? 
A) It is the only feasible way to ensure that all routers in the AS have consistent 
external routing information. 
B) It eliminates the scalability issues of running an IGP within the transit AS. 
C) Running IBGP on all routers is the only way to satisfy the filtering 
requirements of the transit AS. 
D) An IGP is not capable of handling the potential routing loops in the transit AS. 
Q2) How is EBGP used in a transit AS? 
A) as a means of transporting customer routes across the transit backbone 
B) to exchange routes between different autonomous systems and the transit AS 
C) to enhance scalability by transporting IGP routes for the transit AS 
D) as a means of injecting local routes into the transit backbone 
Q3) Why is redistributing BGP routes into an IGP for use in a transit backbone NOT 
recommended? 
A) Redistribution removes all BGP attributes that are needed to ensure optimal 
routing within the transit AS. 
B) An IGP cannot enforce complex administrative policies and route selection 
rules. 
C) IGPs cannot scale to the demands that are presented by the number of routes on 
the Internet. 
D) IGPs are not stable when faced with a flapping network. 
Q4) ~~ What are the two key functions of a transit AS? (Choose two.) 
A) to filter out routes that do not belong to customers of the service provider 
B) to provide Internet connectivity to customers of the service provider 
C) to propagate routes between remote autonomous systems 
D) to route packets between remote networks 
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Q5) How are BGP routes sent across the transit backbone? 


A) by redistributing BGP into an IGP and then back into BGP 
B) through the use of IBGP 


C) by establishing EBGP sessions between all routers in the transit backbone 
D) by redistributing connected routes at the edge of the transit backbone 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 2-2: Interacting with IBGP and EBGP ina 
Transit AS 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Describe AS-path processing in IBGP 

Explain the need for BGP split horizon 

Explain the need for a full-mesh topology between IBGP routers, and its implications 
Explain the benefits of establishing IBGP neighbor sessions using loopback interfaces 
Describe next-hop processing in IBGP 

Explain why all EBGP peers must be reachable by all BGP-speaking routers within the AS 
Describe how to configure routers to announce themselves as the next hop in IBGP updates 


Explain the differences between EBGP and IBGP sessions 


Answer these questions: 


Q1) Which two statements are true regarding the AS-path attribute as it relates to IBGP? 

(Choose two.) 

A) Each router in the AS appends its AS number to the AS path on outgoing BGP 
updates. 

B) The AS path inside an AS will be empty for routes originating inside a 
neighboring AS. 

C) The AS-path attribute is not used to detect routing loops inside an AS. 

D) The AS-path attribute is not modified within the AS. 

Q2) Why is it recommended that loopback interfaces be used to form IBGP neighbor 
sessions? 

A) Using loopback interfaces reduces router memory resource requirements. 

B) Using loopback interfaces reduces router CPU resource requirements. 

C) Using loopback interfaces ensures IBGP session stability. 

D) Using loopback interfaces is more secure than using the physical interface. 

Q3) How is the BGP next-hop attribute processed over an IBGP connection? 

A) The next-hop address is set to the address of the receiving router. 

B) The next-hop address is not modified over the IBGP session. 

C) The next-hop address is set to the IP address of the nearest EBGP peer. 

D) The next-hop attribute is set to the IP address of the nearest EBGP peer; if no 
external AS connection has been configured, the next hop is set to the default 
gateway that is configured on the router. 
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Q4) — Which two statements are true of the full-mesh requirement in IBGP? (Choose two.) 


The IBGP mesh must be a logical full mesh. 

A physical full mesh must be maintained within the IBGP AS. 

Because of BGP split horizon, no router can relay IBGP information within the 
AS. 

All routers within the AS must be directly connected to ensure correct delivery 
of BGP routing information. 


Q5) — Which three statements regarding the next-hop-self configuration in BGP are true? 


(Choose three.) 

A) Changing the next-hop attribute might cause suboptimal routing. 

B) The configuration changes how the next-hop attribute is processed at edge 
routers. 

C) The configuration announces the local IP address as the BGP next hop in 
outgoing updates that are sent to the specified neighbor. 

D) The configuration removes the requirement for the IGP to carry reachability 


information for intra-AS destinations. 


Q6) What are three differences between IBGP and EBGP sessions? (Choose three.) 


A) Route selection rules slightly prefer IBGP routes. 
B) Routes that are learned from IBGP peers are not advertised to other IBGP 
peers. 
C) EBGP peers are directly connected, and IBGP peers are usually distant. 
D) By default, no BGP attributes are changed in IBGP updates. 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
Copyright © 2004, Cisco Systems, Inc. BGP Transit Autonomous Systems 2-75 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Quiz 2-3: Forwarding Packets in a Transit AS 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Describe packet forwarding in a transit AS 


Explain recursive lookup in Cisco IOS software 


Explain the need for an IGP in a transit backbone that is running BGP on all routers 


Describe interactions between BGP and IGP 


Explain the potential problems that might arise from BGP and IGP interaction 


Answer these questions: 


Q1) ~~ What are two reasons why you must run IBGP on all routers within a transit backbone? 

(Choose two.) 

A) so routers can properly forward packets toward all external destinations 

B) to ensure that a full mesh exists between all routers in the AS 

C) to allow routers to properly process the BGP next-hop attribute 

D) because IGPs cannot scale large enough to handle redistribution of BGP routes 

Q2) If atransit backbone has IBGP running on all routers, what are two reasons why it is 
still necessary to use an IGP? (Choose two.) 

A) to provide routing information that is needed to establish the IBGP sessions 

B) to resolve next-hop references that are used in recursive routing 

C) so that BGP routes can be properly transported through the AS 

D) to provide user workstations with a network default gateway 

Q3) What is the AD of the following protocols? (Fill in the blanks.) 

A) IBGP 

B) EBGP 

C) OSPF 

D) IS-IS 

E) RIP 

Q4) — What are two reasons why the AD is an important consideration for BGP network 
design? (Choose two.) 

A) The AD affects how routes are selected for use in the IP routing table. 

B) The AD controls how routing information is entered into the BGP table. 

C) If a route is advertised by both an IGP and through EBGBP, the router will 
prefer the external route. 

D) The AD is not a large concern to BGP design, because the router will always 
choose the route that is advertised by the protocol that is best suited to reach 
the destination. 
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Q5) — With regard to recursive route lookups, what are two ways in which CEF is different 
from traditional Cisco IOS switching mechanisms such as route caching? 
(Choose two.) 


A) Traditional Cisco IOS switching mechanisms wait for the first packet to arrive 
before recursive lookup can take place. 
B) New entries in the IP routing table will trigger a recursive lookup in traditional 


Cisco IOS switching mechanisms. 
C) CEF prebuilds a complete IP forwarding table based on the IP routing table. 
D) CEF will build a FIB directly from the entries in the BGP table prior to any 
BGP packets arriving at the router. 


Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 2-4: Configuring a Transit AS 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 
m Identify the Cisco IOS commands that are required to configure IBGP neighbors 


m Identify the Cisco IOS command that is required to configure IBGP sessions between 
loopback interfaces 


m™ Identify the Cisco IOS command that is required to configure BGP synchronization to 
ensure successful IBGP operation of the transit AS 


m Identify the Cisco IOS command that is required to change the administrative distance of 
BGP routes 


m Identify the scalability limitations of IBGP-based backbones 


Quiz 


2-78 


Answer these questions: 
Q1) When you are configuring the BGP neighbor session, what differentiates an EBGP 
neighbor from an IBGP neighbor? 


A) The keyword internal at the end of the neighbor command. 
B) IBGP neighbors will have the same AS number specified. 


C) A description for the internal or external neighbor must be attached with the 
neighbor description command. 
D) Directly connected neighbors will automatically form an EBGP session. 


Q2) — Which two steps are required when you use a loopback interface for IBGP peering 
sessions? (Choose two.) 


A) Ensure that the loopback interfaces are reachable through an IGP. 
B) Ensure that the two neighbors are directly attached. 

C) Verify that each router has multiple physically redundant paths. 

D) Configure a neighbor statement with the update-source command. 


Q3) — Why is it important to disable BGP synchronization in a transit backbone? 


A) IGPs can support the routing requirements of full Internet routing, and hence 
synchronization is no longer necessary. 

B) Because BGP redistribution into an IGP is no longer practical, enabling the 
synchronization feature is no longer applicable. 

C) Synchronization requires all BGP transit routes to be explicitly mapped to an 
exit point, creating too much administrative overhead. 

D) Synchronization requires BGP attributes to be properly mapped to IGP metrics 


in order for BGP routing across the transit backbone to function properly, 
creating too much overhead. 
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Q4) _~What are two negative ramifications of the full-mesh requirement that is imposed by 
IBGP? (Choose two.) 


A) administratively difficult to apply an AS-wide routing policy 


B) requires the use of next-hop-self for proper routing to external destinations 
C) large number of TCP sessions 
D) unnecessary duplication of routing traffic 


Q5) What are two scalability tools that you can use to overcome the full-mesh requirement 
for IBGP sessions? (Choose two.) 


A) confederations 
B) floating static routes 
C) route reflectors 


D) disabling BGP synchronization 


Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 2-5: Monitoring and Troubleshooting IBGP 
ina Transit AS 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Identify the Cisco IOS commands that are required to monitor IBGP operation 
Identify common IBGP configuration problems 

Troubleshoot IBGP session startup issues 

Troubleshoot IBGP route selection issues 


Troubleshoot IBGP synchronization issues 


Answer these questions: 


Ql) 


Q2) 


Q3) 


Scoring 


Which Cisco IOS show command indicates that a BGP route is an IBGP route? 


A) show ip route 

B) show ip route bgp 
C) show ip bgp 

D) show ip bgp internal 


What are three common situations that prevent IBGP sessions from starting? (Choose 
three.) 


A) The IBGP session has been configured to peer to a loopback interface, but 
update-source has not been configured on the neighbor. 

B) An access control list filter is blocking access to TCP port 179. 

C) The IBGP session has been configured to peer to a loopback interface, but the 
loopback interface has not been administratively enabled with the no 
shutdown command. 

D) The IBGP session has been configured to peer to a loopback interface, but the 
interfaces are not reachable via the IGP. 


Which common issue could prevent IBGP best routes from being inserted into the IP 
routing table? 

A) failure to disable BGP synchronization 

B) failure to disable BGP split horizon 


C) lack of a route to the BGP next hop for the IGP 
D) failure to inject a default route into the IGP 


You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Lesson Assessment Answer Key 


Quiz 2-1: Working with a Transit AS 


Ql) A 
Q2) B 
Q3) C 
Q4) GD 
Q5) B 


Quiz 2-2: Interacting with IBGP and EBGP in a Transit AS 


Q1) amb) 
Q2) C 

Q3) B 

Q4) ANG 
Q5) A,B,C 
Q6) B,C, D 


Quiz 2-3: Forwarding Packets in a Transit AS 


Q1) A,D 
Q2) A,B 
Q3) A: 200, B: 20, C: 110, D: 115, E: 120 
Q4) ASC 
Q5) A,C 


Quiz 2-4: Configuring a Transit AS 


Ql) B 
Q2) A,D 
Q3) B 
Q4) GD 
QS) A,C 


Quiz 2-5: Monitoring and Troubleshooting IBGP in a Transit AS 


Ql) C 
Q2) A,B, D 
Q3) A 
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Module 3 


Route Selection 
Using Policy Controls 


Overview 


Border Gateway Protocol (BGP) enables traffic in Internet backbones to determine an optimal 
path to its destination across networks comprising more than one autonomous system (AS). 
Routes that are learned via BGP have properties that are associated with them that aid BGP in 
determining the best route to a particular destination. There are many instances where the 
default BGP route selection does not match administrative or business policies. Likewise, 
redundant network designs often require enterprises to run BGP when they are connected to 
more than one Internet service provider (ISP). In these situations, full BGP routing tables and 
default BGP route selection are not desirable. 


This module provides information on how to connect Internet customers to multiple service 
providers. It introduces the need for filtering of BGP updates and changing of BGP route 
selection policies. In addition, this module describes different Cisco IOS mechanisms (AS-path 
filters, prefix-lists, route-maps) available for BGP route filtering. 
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Module Objectives 


Upon completing this module, you will be able to perform route selection using policy controls. 


Module Objectives 


Describe the need for influencing BGP route selection ina 
customer scenario where connections to multiple ISPs must 
be supported 


Successfully configure BGP to influence route selection 
using AS-path filters in a customer scenario where 
connections to multiple ISPs must be supported 


Successfully configure BGP to influence route selection 
using prefix-list filters in a customer scenario where 
connections to multiple ISPs must be supported 


Use outbound route filtering to minimize the impact of BGP 
routing updates on router resources in an operational BGP 
networ 


Correctly configure BGP to influence route selection using 
route-maps in a typical BGP network 


Configure the soft reconfiguration feature to minimize the 
impactor expediting BGP policy updates in a typical BGP 
networl 


Module Outline 


The outline lists the components of this module. 


Module Outline 
re a ete ay 


¢ Using Multihomed BGP Networks 
* Employing AS-Path Filters 
° Filtering with Prefix-Lists 


¢ Using Outbound Route Filtering 
* Applying Route-Maps as BGP Filters 


¢ Implementing Changes in BGP Policy 
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Using Multihomed BGP 
Networks 


Overview 


Mission-critical applications often call for redundant network designs. When access to 
applications is provided over the Internet, enterprises typically use multihomed BGP networks 
to achieve their goals of high availability. In these situations, full BGP routing tables and 
default BGP route selection might ordinarily be considered as desirable characteristics for a 
network. However, the overhead of full BGP routing tables is not warranted in these situations. 
Furthermore, the default route selection in BGP often does not match the business and technical 
requirements for multihomed enterprise networks that use BGP. 


This lesson discusses these business and technical issues and the requirement to use filters to 
influence route selection and to apply policy. 


Relevance 


In some circumstances, it is important to have multiple paths to an ISP. There are business and 
technical reasons to configure a BGP network in a multihomed configuration. In addition to 
simply multihoming a BGP network, path selection is an important issue to be considered, as 
well as filtering particular routing advertisements. 
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Objectives 


Upon completing this lesson, you will be able to describe the issues of multihomed BGP 
networks. This includes being able to meet these objectives: 


m™ Describe the business issues of multihomed BGP networks in service provider 
environments 


m Describe the technical issues of multihomed BGP networks in service provider 
environments 


m Describe the need for BGP policies that influence route selection in a multihomed BGP 
network 


m List typical routing policies for multihomed BGP customers 
m™ Describe the need to influence BGP route selection in a service provider environment 


m Describe the need for BGP filters in a service provider environment 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
—————————— se Cisco'com manana 


° Overview 


* Business Requirements of Multihomed BGP 
Networks 


* Technical Requirements of Multihomed BGP 


Networks 
° BGP Route Selection Without Policies 
¢ Multihomed Customer Routing Policies 
° Influencing BGP Route Selection 
° BGP Filters 
* Summary 


BGP v3.1—3-2 
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Business Requirements of Multihomed BGP 
Networks 


This topic describes the business issues of multihomed BGP networks in service provider 
environments. 


Business Requirements of 
Multihomed BGP Networks 


Internet 


Service Provider #1 


Multihomed 
Customer 


Service Provider #2 


— 


e Some customers need redundant Internet access for their 
mission-critical applications. 


¢ Full redundancy is achieved only by connecting to two 
independent service providers. 


BGP v3.1—3-3 


Companies with web servers (or similar servers) offering mission-critical business services 
over the Internet often like to have their networks redundantly connected to the Internet. When 
the companies calculate the expected loss of business because of an unexpected disconnection 
from the Internet, they may conclude that having two connections to the Internet is profitable. 


In such cases the company may consider being a customer to two different ISPs or having two 
separate connections to one ISP. 


With two connections to one single ISP, BGP is usually not required. This solution provides 
backup for link failure and router failure. However, it does not provide backup for problems in 
the network of the ISP or the connection of the ISP to the rest of the Internet. 


Full redundancy is achieved only by connecting to two independent ISPs. If one of the ISP 
networks loses its connection to the rest of the Internet, the customer will still reach the rest of 
the Internet via the other service provider. At the same time, the customer will still reach those 
users directly connected to the failing ISP via its direct connection. 
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Technical Requirements of Multihomed BGP 
Networks 


This topic describes the technical issues of multihomed BGP networks in service provider 
environments. 


Technical Requirements of 
Multihomed BGP Networks 


Internet 


Service Provider #1 


Multihomed 
Customer 


Service Provider #2 


a 


e Multihomed customers have to run BGP with their ISPs. 


° Multihomed customers usually need a public AS number 
and provider-independent address space. 
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The multihomed customer network must exchange BGP information with both ISP networks. 
Dynamic routing is required for full redundancy, and BGP is the only protocol available that 
can be used in this scenario. 


The customer must, in most cases, have its own public AS number and announce its own IP 
networks to both ISPs. The ISPs will propagate customer announcements to the rest of the 
Internet, and the customer will be seen as reachable via both ISP networks. The customer 
network also receives full Internet routing from both ISPs. This capability gives the customer 
network the opportunity to choose the best connection at that time to reach any destination on 
the Internet. 


Most customers are not multihomed. They do not exchange BGP with their ISP. Instead, they 
use default routing to the ISP, and the ISP does static routing to the customer. ISPs use this fact 
to optimize the number of prefixes that they announce into the Internet. IP network numbers are 
usually assigned to customers from a range of IP networks that are delegated to the ISP. This 
situation means, in the ideal case, that all customers that are connected to one single ISP can 
have their IP networks summarized in a few BGP updates. 


In the multihomed scenario, however, the ISP cannot benefit from IP network number 
assignment from the delegated range. The customer is connected to two different ISPs, and it is 
not obvious from which provider-assigned address space it should get the IP addresses. The 
best solution is to do the assignment from a range completely independent of the providers, a 
provider-independent address space. 
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BGP Route Selection Without Policies 


This topic describes the need for BGP policies that influence route selection in a multihomed 
BGP network. 


BGP Route Selection Without Policies 


Internet 


Service Provider #1 


Multi-homed 
Customer 


Service Provider #2 


eae! 


router bgp my-AS-number 

neighbor provider-A remote-as ISP-A 
neighbor provider-B remote-as ISP-B |, 
network my-network 


* Customer configures two BGP sessions and announces 
its address space. 


The simple approach illustrated in the figure may be the source of many problems. By simply 
starting BGP sessions with both ISPs, and announcing its networks to them both, a customer 
could experience difficulties as a result of the default behaviors of BGP. 
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Example 


3-8 


BGP Route Selection Without Policies (Cont.) 
SS 


* BGP routes are selected based on AS-path length. 


¢ The default BGP route selection does not always 
result in optimum routing. 


asl123#show ip bgp 
BGP table version is 16, local router ID is 1.2.3.4 


Status codes: s suppressed, h history, * valid, > best, i - internal 


Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 
0 32768 i 


22)--2. 
37° 


SoOboOB UO 


37 21 


21.37 
37 40 
21 40 
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This is an example of a multihomed customer with AS 123. It is connected to two different 
ISPs: AS 37 and AS 21. The two ISPs are interconnected, and both are also connected to AS 


40. 


The customer receives all routes from both service providers, giving redundancy. The default 
BGP route selection prefers the shortest AS path. If the AS-path lengths are equal, it prefers the 
most stable route, or the route that is received from the peer with the lower router-ID. 


In many cases, however, this is not the most optimal way to reach all destinations. For example, 
the bandwidth that is available to reach the ISPs has not been taken into consideration. To 
change the route selection behavior, some BGP parameters must be configured to support more 


complex routing policies. 
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Multihomed Customer Routing Policies 


This topic lists typical routing policies for multihomed BGP customers. 


Multihomed Customer Routing Policies 
I 


Multihomed customers could require a number of 
routing policies, for example: 
* One provider is primary; the other is backup. 


° Traffic to direct customers of the ISPs goes direct; all other 
traffic goes through the primary provider. 


° All traffic to a particular part of the world goes through one ISP. 


* Traffic toward a specific destination goes through only one of 
the ISPs. 


Depending on the circumstances, there are a couple of different polices that a multihomed 
customer might require: 


m™ One of the two ISPs can be considered the primary connection. This distinction can be the 
result of available bandwidth or commercial agreements. However, although one of the 
ISPs is considered the primary connection, some users may have direct connections to the 
secondary ISP. Therefore, going via the primary ISP to reach users that are connected to 
the secondary ISP may be suboptimal. 


m= Destinations in one part of the world may be reached more optimally via one of the ISPs, 
rather than via the other, because the two ISPs may have different infrastructures and 
peering agreements with other ISPs. 


To establish a routing policy that gives optimal routing to each and every destination on the 
Internet is virtually impossible. Optimization can be done only with the most common 
destinations in mind. This situation can result in specific rules on how to reach specific 
destination networks or the AS. 
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Influencing BGP Route Selection 


This topic describes the need to influence BGP route selection in a service provider 
environment. 


Influencing BGP Route Selection 


Internet 


Another 


Customer = /|-~! Backup ISP Upstream AS 


Multihomed 
Customer 


Primary 


link Primary ISP 


Internet traffic always flows over primary ISP. 


Routes received from primary ISP should be preferred 
over routes received from backup ISP. 


A route selection tool is needed in BGP: weights or local 
preference. 


Inc. Alll rights reserve BGP v3.1—3-8 


When one of the two ISPs is designated as a primary ISP and the other a backup, BGP 
attributes must be configured as a means of influencing BGP route selection rules. If both ISP 
connections terminate in one single customer router, all routes that are received from the 
primary ISP can be assigned a BGP weight. A higher weight indicates a more preferred path. 


But the weight value is local to one router. It is not shared between routers. If one ISP 
connection terminates in one of the customer routers, and the other ISP connection terminates 
in another, the two customer routers must agree on which link to use. Using local preference 
instead of weight can do this. All routes that are received from the primary ISP over the 
primary link are assigned a local preference value, which is higher than the default value of 
100. The customer router that receives the routes from the primary ISP completes the 
assignment and communicates the information to the other routers within the AS of the 
customer. 


The result of using either weight or local preference is that the AS of the customer reaches all 
its destinations on the Internet via the primary link as long as it is available, as well as those 
destinations within the AS of the secondary ISP. In the case of link failure, or failures within 
the network of the primary ISP, some of the routes, or all of the routes, will no longer be 
received over the primary link. In that case, the AS of the customer no longer sees those 
destinations as reachable over the primary link. The only remaining choice is via the backup 
link. Therefore, the backup link is used by the customer network only to reach destinations that 
are not reachable over the primary link. 


3-10 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Influencing BGP Route Selection (Cont.) 


nother Internet 
Customer Backup ISP Upstream AS 


Multihomed 
Customer 


° Internet traffic flows over primary ISP; traffic to 
customers of backup ISP goes direct. 


* Route selection has to be performed based on AS 
numbers in the AS path. 
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In most cases, it is more optimal to reach other customers connected to the backup ISP via the 
backup link, compared with reaching them via the primary link. 


The routing policy, described previously, where routes are blindly preferred if they are received 
on the primary link, can easily be modified to use the backup link when you are reaching 
destinations in the AS of the backup ISP. On the router, filtering tools can be configured to 
select routing information that is based on the content in the AS-path attribute. Those routes, 
with an AS-path attribute matching specific selection criteria, can be assigned an even higher 
weight or local preference. 


This approach results in a routing policy that gives precedence to reaching destinations within 
the AS of the primary ISP and within all autonomous systems upstream of the primary ISP over 
the primary link. Destinations within the AS of the backup ISP receive precedence over the 


backup link. 
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BGP Filters 


This topic describes the need for BGP filters in a service provider environment. 


BGP Filters—tTransit Traffic Issue 


Internet 


Service Provider #1 


Multihomed 
Customer 


« Customers could become a transit AS for the service 
providers. 


* Requirement: Do not propagate provider routes to other 
providers. 
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When BGP has selected the best path, the information is advertised by the router to all 
neighboring autonomous systems, except for the session that it was received on (called “BGP 
split-horizon functionality,” preventing near-range routing loops). This situation causes the 
customer AS to become a transit AS between the two ISPs, and should be avoided. 


Most customers do not have the intention to transit traffic between ISP networks. The access 
lines to the ISPs are not suited to carry this volume of traffic, and the customer certainly does 
not want to have its bandwidth consumed by transit traffic. 


The solution to this problem is to filter outgoing information to both ISPs. Filtering of routing 
information is performed based on the content of the AS-path attribute that is assigned to every 
BGP route. Only those routes having an AS-path attribute that indicates that they are sourced 
by the AS of the customer are allowed to be sent to either of the two ISPs. 


3-12 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


BGP Filters—Routing Update Reliability Issue 


Internet 


Service Provider #1 


Multihomed 
Customer 


AS 123 
21.0.0.0/8 


Network=10.0.0.0/8, \ 
AS-Path=123 


* Customers running BGP could announce any route to the 
service providers. 


¢ Requirement: Service providers have to filter IP prefixes 
in incoming updates. 
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Without some sort of filtering, BGP routing information that is created by the AS of the 
customer can potentially be propagated all over the Internet. In this way, the customer can 
inject erroneous information into the Internet routing tables. 


Customers are much less experienced in avoiding these kinds of problems than are service 
providers. There is much more risk for errors to be introduced when a customer is assigned its 
own AS and uses BGP with the ISP, as compared with the single-homed scenario where the 
ISP has sole responsibility to announce BGP routes to the rest of the Internet. 


Almost all the problems that a customer can cause the Internet by improperly configuring its 
BGP can be stopped by the ISP. The ISP should filter all incoming information from the 
customer and accept only what is supposed to arrive. It should discard anything outside strict 
limits. In this way, the ISP prevents the propagation of erroneous information to the rest of the 
Internet. 


The ISP can maintain a list of the IP network numbers that the customer is announcing and 
filter out any other route. If this approach is not possible due to the volume of those lists, the 
ISP should at least be able to filter out the most obvious erroneous announcements. 


Note Private addresses, according to RFC 1918, should never be announced to the Internet. 
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BGP Filters—Return Traffic Issue 


Another 
Customer Upstream AS 


Multihomed 
Customer 


* Customers can influence only their outgoing traffic, not 
the return traffic. 


* Return traffic can take any path—backup ISP 
must also perform proper route selection. 
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The customer can easily define a policy about how to send outgoing IP packets on the correct 
link. It is much harder to influence the neighboring AS about how to direct the IP packets 
coming into the customer network. 


A customer who creates a routing policy where one of the two ISPs is always the preferred may 
see that the return traffic is arriving on what the customer thought was the backup link. This 
situation means that the customer has configured the weight or local preference to make sure 
that all outgoing traffic is leaving the customer AS over the primary link, but the backup ISP 
does not have any such configuration. Therefore, return traffic enters the customer AS by using 
the shortest AS path as its selection criterion. 


The best way to solve this problem is for the customer to ask the backup ISP to change its 
routing policy. The change should cause the backup ISP to prefer reaching the customer AS via 
the AS of the primary ISP. The backup ISP must implement this change in its own AS. 


Note Sometimes the backup ISP administrator could be reluctant to change the configuration for a 
single customer. In this case, the customer should use another BGP feature, the AS-path 
prepending tool, to influence the selection of the primary or backup link by lengthening the 
AS path of routes that are sent to the backup provider. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
eee Cisco.com | 


¢ Companies offering mission-critical business services 
over the Internet have concluded that the expected loss 
of business because of an unexpected disconnection 
from the Internet is larger than the price of having 
redundant connections. 


The multihomed customer network must exchange BGP 
information with both ISP networks. Dynamic routing is 
required for full redundancy, and BGP is the only 
protocol available that can be used in this scenario. 


A simple-minded approach to multihoming can be a 
source of many problems: Starting BGP sessions and 
announcing customer networks to multiple ISPs by 
using the default behavior of BGP might cause 
undesirable results. 
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Summary (Cont.) 


° Establishing a routing policy that gives optimal routing to 
each and every destination on the Internet is virtually 
impossible. Optimization should be done with the most 
common destinations in mind. 


A routing policy may be created that gives precedence to 
reaching destinations within the AS of the primary ISP 
and all upstream autonomous systems over the primary 
link and destinations within the AS of the backup ISP 
over the backup link. 


When BGP has selected the best path and the 
information has been propagated to all neighboring 
autonomous systems, the customer AS may become a 
transit AS between the two ISPs. The customer must 
avoid this situation by using BGP filters. 
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References 


For additional information, refer to this resource: 


m= For more information on multihomed networks using BGP, refer to “Sample Configuration 
for BGP with Two Different Service Providers (Multihoming)” at the following URL: 
http://www.cisco.com/warp/public/459/27.html 


Next Steps 
For the associated lab exercise, refer to the following section of the course Lab Guide: 


m Lab Exercise 3-1: Using Multihomed BGP Networks 
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Employing AS-Path Filters 


Overview 


BGP allows connectivity between multiple ISPs for redundancy and scalability. AS-path filters 
are employed by service providers to remedy the problems that are associated with the various 
connectivity methods that are used within BGP. This lesson explains the methods that are used 
to implement BGP AS-path filters. 


Relevance 


In network implementations that require connections to multiple ISPs, network operators 
typically use AS-path filters to influence BGP route selection. It is important for a network 
administrator to understand the syntax of an AS-path regular expression and how string- 
matching operators function when they are using AS-path regular expressions to match BGP 
routes. 


Objectives 


Upon completing this lesson, you will be able to describe the use of AS-path filters. This 
includes being able to meet these objectives: 


m™ Identify network scenarios where you must support connections to multiple ISPs and where 
AS-path filters can be used to influence route selection 


m Describe the purpose of an AS-path regular expression 


m™ Describe how string-matching operators function when you are using AS-path regular 
expressions to match BGP routes 


m= Identify where you can apply an AS-path filter when configuring a router to influence route 
selection 


m Identify the Cisco IOS commands that are required to configure AS-path filters to influence 
route selection 


m Identify the Cisco IOS commands that are required to monitor the operation of configured 
AS-path filters 
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Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 

° Overview 

° AS-Path Filtering Scenarios 

* AS-Path Regular Expressions 

° String Matching 

° Applying AS-Path Filters 

¢ Configuring BGP AS-Path Filters 
° Monitoring AS-Path Filters 


° Summary 
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AS-Path Filtering Scenarios 


This topic identifies network scenarios that require connections to multiple ISPs where route 
selection must be influenced with AS-path filters. 


AS-Path Filtering Scenarios 


Several scenarios require BGP route filtering 
based on AS path. 


¢ Announce only local routes to the ISP—AS path 
needs to be empty. 


* Select routes based on a specific AS number in the 
AS path. 


* Accept routes for specific AS only from some BGP 
neighbors. 


AS-path filters use regular expressions. 
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Several scenarios require filtering and selection of routing information, based on the content of 
the AS-path attribute. Each BGP route must have an AS-path attribute. It is a well-known 
mandatory attribute and must therefore be present in each BGP update. 


Using selection criteria that are based on the AS-path attribute, a router can identify a set of 
specific routes from the total set of routes that it receives. Those routes where the AS-path 
contents match the criteria are selected. Routes that do not match the criteria are not selected. 


The AS path is a sequence of numbers. Each number indicates an AS. When a route is sourced 
by means of a network command in a BGP process or redistribution into a BGP process, the 
AS-path attribute is created and left empty. Each time that the route is advertised by an egress 
router to another AS, the AS-path attribute is modified by the egress router, which prepends its 
AS number to the AS-path attribute. 


While a newly sourced route is still within the AS in which it was created, the AS path is 
empty. When the AS has a requirement to filter out all but the routes that are local to itself 
before sending them to a neighboring AS, it will permit sending of the routes with the empty 
AS path and will deny all others. 


Routers can also filter incoming routes based on their AS-path attributes. Some destination 
autonomous systems should not be received from a certain neighbor. Therefore, those routes 
matching that AS in the AS path can be filtered on the receiving router in case they are 
accidentally sent. 
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Selection based on the AS path is also a tool that you can use when changing the weight or 
local preference attributes for some destination autonomous systems but not for others. 


When routers filter BGP updates based on the content of the AS-path attribute, they use regular 
expressions. Regular expressions are commonly found in the UNIX environment and also in 
some Windows-based applications. They are a string-matching tool. A regular expression 
consists of a string of characters. Some of them have special meanings, such as to function as 
wildcards and operators, and some of them simply mean themselves, for example, A-Z, a-z, or 
0-9. A regular expression is said to match a string if the ordinary characters and the applied 
meaning of the special operator characters can be translated into the matched string. When a 
regular expression matches, the selection test is said to be true. If it does not match, the test is 
false. 
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AS-Path Regular Expressions 


This topic describes the function of an AS-path regular expression. 


AS-Path Regular Expressions 


a7 | at | 23 | si7] 223 


AS-path converted to string 


|27 31 23 317 223| 


String matched with regexp 


ip as-path access-list 1 permit 31 


The AS-path attribute carried with all BGP routes in a BGP update is a very compact binary 
encoding of a sequence of integer numbers. It is not a sequence that can be tested by using a 
regular expression. 


Cisco IOS software internally translates the binary encoding into a character string. Each AS 
number in the sequence is converted into a string using decimal representation. The space 
character separates each AS number in the AS-path attribute. The router applies the regular 
expression test to this internally created character string. 


Characters in a regular expression that are not assigned a specific operation match themselves. 
The regular expression “31” matches all occurrences of the character “3” followed by the 
character “1” in the AS path. In this example, “31” matches at two occurrences. One 
occurrence is sufficient to make the test true. No occurrence means that the test failed. 
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String Matching 


This topic describes how string matching functions when you are using AS-path regular 
expressions to match BGP routes. 


String Matching—Regular Expressions 


A string of characters in a regular expression 
matches any equivalent substring in the AS path: 


How many times does 31 match? 
|213 317 2316 31| 


Answer: 
| 213 317 2316 31| 


The regular expression “31” will match any occurrence of “3” followed by “1”, regardless of 
the characters immediately preceding the “3” and immediately following the “1”. So “31” will 
match an occurrence of “3” and “1” in the middle of an AS number. 


The regular expression “31” matches the AS-path string “213 317 2316 31” three times, 
because “31” matches a part of “317”, “2316”, and “31”. 
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String Matching—Alternatives 
———————— nn Cairns 


Expression 

exprijexpr2 

matches the string if either subexpression matches 
the string: 


How many times does 21|31 match? 
|213 317 2316 31| 


Answer: 
|213 317 2316 31| 
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The character “|,” a vertical bar, has a special meaning. It is an operator that means “or.” The 
regular expression “21/31” matches the sequence of “2” followed by “1” or the sequence of “3” 
followed by “1”. So, this sample regular expression will match a two-character sequence: the 
“21” or the “31”. 


The regular expression “21|31” matches the AS-path string “213 317 2316 31” four times, 
because “21” matches a part of “213” and “31” matches a part of both “317” and “2316” as 
well as “31”. 
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String Matching—Ranges and Wildcard 


Characters 
————— ST] 


A range of characters matches any single character 
in the range: 
examples: [1234] or [1-4] 


dot (.) matches any single character 


How many times does [1-3].[34] match? 
|213 317 2316 31| 


Answer: 
|213 317 2316 31| 


|213 317 2316 31| 


The pair of brackets “[” and “]” has a special meaning. They surround a set of characters of 
which any one matches. The set of characters is either expressed as the list of them (for 
example, “[1234]”) or the sequence with the starting character, a hyphen, and the ending 
character (for example, “[1-4]”). Both examples match one single character, which must be any 
one in the set of the four characters “1”, “2”, “3”, and “4”. 


The character “.”, a dot, matches any single character. Small regular expressions can be 
combined into a larger expression. Such a combination is matching if all of the parts match one 
after the other. The sample regular expression “[1-3].[34]” matches a sequence of three 
characters, of which the first must be either “1”, “2”, or “3”, the second character can be any 
character, and the third must be either “3” or “4”. 


Note The space character delimiting two AS numbers is just a character. The dot, “.”, for example, 
matches it. 


The regular expression “[1-3].[34]’ matches the AS-path string “213 317 2316 31” twice. 
Initially, it matches “213”. The leading “[1-3]” matches the leading “2”. The dot, which 
matches any character, matches the “1”, and “[34]” matches the trailing “3”. Secondly, the 
regular expression also matches in “213 317 2316 31”. This is a little harder to see, because the 
dot, “.”, matches the space character between “213” and “317”. 
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String Matching—Matching Delimiters 


matches beginning of string 

matches end of string 

matches any delimiter (beginning, end, 
white space, tab, comma) 


How many times does “21, 31$, 31_ match? 
|213 317 218 31 731| 


Answer: 
| 213 317 218 31 731| 
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A character string must have a start and an end. The character with the special meaning “” 
matches the beginning of a string. Because all strings have a beginning, it matches all strings. 
However, it is used to position the following part of the regular expression. The character 
following the “A” character must be the first character of the string; otherwise, it would not 
match the beginning of the string. 


The special character “$” is used analogously, but it means the end of the string. The character 
preceding the “$” must be the last character in the string; otherwise, the “$” does not match the 
end of string. 

Underscore, “_”, matches any delimiter. The space character between two AS numbers is an 
example of a delimiter. The beginning of the string and the end of the string are also considered 
delimiters. Other delimiters are the tab and the comma. Underscore, “_”, is used to make sure 
that the desired AS number is found in an AS-path string, but not as part of some other AS 
number. For example, the regular expression “31” will match the AS number string “317”, but 
the regular expression “_31_” will not. Both “31” and “_31_” will match the AS number string 
“31”. 


The regular expression “21” can match the AS-path string “213 317 218 31 731” only one 
time because there is only one beginning of the string. It matches only if the string starts with 
the sequence “21”, which it does. 


The regular expression “31$” can match the AS-path string “213 317 218 31 731” only one 
time because there is only one end of the string. It matches only if the string ends with the 
sequence “31”, which it does. 


The regular expression “_31_” can, in theory, match an AS-path string several times. However, 
in this case, when matched against the string “213 317 218 31 731”, it matches only the AS 
number “31” in the AS path. 
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String Matching—Grouping 


Parentheses can be used to group smaller regular 
expressions into larger expressions. 


How many times does (213|218) 31 match? 
|213 317 1218 316 31| 


Answer: 
|213 317 1218 316 31| 
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Complicated expressions must sometimes be grouped with parentheses, “(” and “)”. This 
feature can be useful when you are searching for a sequence of two or more AS numbers of 
which the first can match any of the specific autonomous systems (in this example, “213” or 
“218”), but the last must be a specific AS (“31” in this example). If the parentheses were not 
used here, the expression would match either the single AS “213” or the sequence of the two 
“218 31”. 


The regular expression “(213|218)_31” matches the AS-path string “213 317 1218 316 31” 
twice. The first match is “213 317 1218 316 31”, and the second match is “213 317 1218 316 
31”. 


3-26 Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


String Matching—Special Characters 
ee Oe | 


\ To use the special characters as single-character 
patterns, remove the special meaning by preceding 
each character with a backslash (\): 


How do you match AS 213 in beginning of string? 
| (213 317) 1218 316 31| 


Answer: 
ae os lc 
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Sometimes the target string that you are trying to match with a regular expression contains 
some of the characters that also have special meanings in the regular expression. To match 
these characters in the target string, use the “\” together with the character in the regular 


expression. 

Note This type of regular expression syntax is used for matching AS-path strings inside a BGP 
confederation. A confederation is used to eliminate the scaling problem of full-mesh IBGP by 
splitting the AS into smaller regional autonomous systems. The above example shows that 
213 and 317 were part of a confederation by its use of “(“ and “)”. Confederations are 
explained further in the module “Scaling Service Provider Networks.” 
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String Matching—Repeating Operators 


matches zero or more atoms 
matches zero or one atom 
+ matches one or more atoms 


An atom is a single character or a grouping. 


How do you match AS sequences “23 45” and 
“23 78 45” in single regular expression? 


Answer: 
-23(- 78)? 45 _ 
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The special characters, star (asterisk), “*”, question mark, “?”, and plus, “+”, all apply 
repetition of the expression that immediately precedes it. 


The star (asterisk), “*”, means that the expression that immediately precedes it is repeated zero 
or more times. This means that the expression may not be there, but it may also be there any 
number of times. The expression “1*” will match a sequence of no characters or a sequence of 
any number of the character “1”. 


Question mark, “?”, means that the expression that immediately precedes it is repeated zero or 
one time. This means that the expression may not be there, but it may also be there once. The 
expression “1?” will match a sequence of no characters or the single character “1”. 


Plus, “+”, means that the expression that immediately precedes it is repeated one or more times. 
This means that the expression must be there at least once. The expression “1+” will match a 
sequence of one or more of the character “1”. 
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Example 


String Matching—Sample Regular 


Expressions 
Dr | 


_100_ Going through AS 100 

4100$ Directly connected to AS 100 
_100$ Originated in AS 100 

4100_. Networks behind AS 100 

A [0-9]+$ AS paths one AS long 


A([0-9]+)(_\1)*$ Prepending performed in neighboring 
originating AS 


A$ Networks originated in local AS 
‘a Matches everything 
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Regular expressions can be arbitrarily complex. However, most searching is accomplished 
using regular expressions similar to those in the following examples: 


m If you are searching for all routes that have AS 100 in their AS paths, the regular 
expression to use is “_100_”. 


m If you are searching for all routes that are sourced in your directly connected neighboring 
AS 100, the regular expression to use is “100$”. Use an expression with both “” and “$” 
present when you are searching for an exact match. 


m If you are searching for all routes that are sourced in AS 100, but that AS is not necessarily 
a directly connected neighboring AS, the regular expression to use is “_100$”. The “$” 
indicates that the AS path must end with AS 100. This is an indication that the route was 
sourced in AS 100. The underscore, “_”, is used to make sure that it is AS 100 at the end of 
the string and not, for example, AS 2100. 


m If you are searching for all the routes that are reachable behind AS 100, the regular 
expression to use is “A100_.”. The “A” indicates that the AS path must start with AS 100. 
The underscore, “_”, is used to make sure that it is not matching with, for example, AS 
1001. The dot, “.”, is used to indicate that the AS path does not end with AS 100, and that 
there must be something following AS 100. 


m If you are searching for all routes that are sourced in any AS directly neighboring your AS, 
the regular expression to use is “/[0-9]+$”. The “[0-9]” part means any digit. The repetition 
sign plus, “+”, means one or more times. Therefore, the combination “[0-9]+” means a 
sequence of one or more of digits. The “/”” and “$” mean the beginning and the end of the 
string. So, the string may consist only of a sequence of one or more digits. That is one 
single AS number. 
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If you are searching for all routes that are sourced in any AS directly neighboring your AS, 
and possibly performing AS-path prepending (multiplication of a directly connected AS 
number), the regular expression to use is “A({0-9]+)(_\1)*$”. The expression in the first set 
of parentheses matches any AS number. The parentheses store the value of the matched 
AS, and this value is then recalled by the second part of the regular expression, including a 
variable. The variable “\1” is put into parentheses for the purpose of the multiplier operator 
“*” meaning that this part can match any number of successive occurrences of the same 
AS number that was matched by the “[0-9]+” expression. For example, this regular 
expression matches AS paths “99 99 99”, “200”, “101 101”, or “555 55”, but it does not 
match the AS path “101 99”. 


The combination “$” means an empty string and is used when you are searching for all 
routes that are sourced in the local AS. 


Sometimes a search is made to select a few specific routes and do something special with 
them, while the rest of the routes will be handled in a different way. To search for all 
routes, regardless of the content of their AS-path attribute, use the regular expression “.*”. 
The dot, “.”, matches any single character. The repetition character, star (asterisk), “*”, 


means that the match should be repeated zero or more times. Thus, the combination, “.*”, 
matches any string. 


The most commonly used characters in expressions are as follows: 


— . any single character, including space 


— * zero or More sequence of pattern 
— + one or more sequence of pattern 
— ? zero or one occurrences of pattern 
— A beginning of string 

— § end of string 


— match any delimiter (including beginning, end, space, tab, comma) 


— \ remove special meaning of character that follows 
a [ ] match one character in a range 
— | logical OR 
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Applying AS-Path Filters 


This topic identifies where you can apply an AS-path filter when configuring a router to 
influence route selection. 


Applying AS-Path Filters 


Incoming neighbor Outgoing neighbor 


filter-list in filter-list out 


002G_182 
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AS-path filters that are configured on a router select those routes that are allowed. Routes that 
are selected behave as follows: 


m They enter the local BGP table when the selection is applied on the incoming routes from a 


neighbor; routes that are not selected are silently dropped. 


They are transmitted to the neighbor when the selection is applied on the outgoing routes to 
the neighbor; routes that are not selected are used locally but are never sent to the neighbor. 
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Configuring BGP AS-Path Filters 


This topic identifies the commands that you can use to configure AS-path filters to influence 
route selection. 


Configuring BGP AS-Path Filters 
a ee ed 


router (config) # 


ip as-path access-list number {permit |deny} regexp 


¢ Configures AS-path access-list 


router (config-router) # 


neighbor ip-address filter-list as-path-filter {in|out} 


* Configures inbound or outbound AS-path filter for 
specified BGP neighbor 
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An AS-path filter is created by an AS-path access-list. This access-list is applied to a set of 
routes from which to select a subset. Routes that are permitted by the access-list are included in 
the subset, and those that are denied are not included. As in all access-lists, the candidate to be 
permitted or denied membership in the subset is tested against all the lines in the access-list, in 
the order in which the list is configured. The first match indicates “permit” or “deny,” as 
specified. If the end of the access-list is reached without any explicit match, the candidate is 
implicitly denied. 


The test by the AS-path access-list is performed by using regular expressions that are applied 
on the AS-path attribute of the route. 


The access-list can, for example, be applied on the routes received from, or those sent to, a 


specific BGP neighbor. 
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ip as-path access-list 
To define a BGP AS-path access-list, use the ip as-path access-list global configuration 
command. 


m™ ip as-path access-list access-list-number {permit | deny} as-regular-expression 


To disable use of the access-list, use the no form of this command. 


™ no ip as-path access-list access-list-number {permit | deny} as-regular-expression 


Syntax Description 


Parameter Description 

access-list-number Integer from 1 to 199 that indicates the regular expression 
access-list number 

permit Permits access for matching conditions 

deny Denies access to matching conditions 

as-regular-expression AS in the access-list using a regular expression—see the 


“Regular Expressions” appendix in the Cisco [OS Dial Services 
Command Reference for information about forming regular 
expressions 


neighbor filter-list 
To set up a BGP filter, use the neighbor filter-list router configuration command. 


m neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out} 


To disable this function, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out} 


Syntax Description 


Parameter Description 
ip-address IP address of the neighbor. 
peer-group-name Name of a BGP peer group. 
access-list-number Number of an AS path access-list. Define this access-list with the 
ip as-path access-list command. 
in Access list to incoming routes. 
out Access list to outgoing routes. 
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Configuring BGP AS-Path Filters (Cont. 


Internet 


Service Provider #1 


Multi-homed 
Customer 


router bgp customer-as 
neighbor IsP-router filter-list 1 out 
! 


ip as-path access-list 1 permit “*$ 
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Multihomed customers do not want to act as a transit AS between their service providers. The 
customer avoids this situation by not transmitting all its routes to its service providers. The 
service providers send IP packets to the customer only if the IP packets have destination 
addresses that match one of the routes that the customer has sent by BGP to the service 
provider. By making sure that only locally sourced routes are sent, the customer avoids 
receiving IP packets for destinations outside its own AS. 


Within the customer AS, the locally sourced routes have empty AS paths. The empty string is 
matched by the regular expression “\$”. The command ip as-path access-list 1 permits only 
those routes that are locally sourced and implicitly denies the rest. By applying this filter-list on 
outgoing information to all neighbors, the customer will announce local routes only. 
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Monitoring AS-Path Filters 


This topic identifies the Cisco IOS commands that are required to monitor the operation of 
configured AS-path filters. 


Monitoring AS-Path Filters 
eed 


router# 


show ip as-path-access-list [filter-list] 


* Displays one or all filter lists 


router# 


show ip bgp filter-list access-list-number 


* Displays all routes in the BGP table permitted by the 
specified AS-path access-list 


router# 


show ip bgp regexp regular-expression 


* Displays all routes in the BGP table matching regular- 
expression 
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Because regular expressions sometimes get complex, thorough testing of them is required. Use 
the show ip bgp regexp command to test a regular expression that is typed in on the command 
line. The result is a printout on the screen of all those routes currently in the BGP table that had 
an AS-path attribute matching the typed-in regular expression. 


An AS-path access-list is even more complex because it is a combination of several regular 
expressions. There is one expression on each access-list line. Use the show ip bgp filter-list 
command to test the entire AS-path access-list. The result is a printout on the screen of all those 
routes currently in the BGP table that had an AS-path attribute permitted by the access-list. 


show ip bgp regexp 


To display routes that match an AS-path regular expression, use the show ip bgp regexp 
privileged EXEC command. 


m= = show ip bgp regexp regular-expression 


Syntax Description 


Parameter Description 


Regular expression to match the BGP AS paths 


regular-expression 
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show ip bgp filter-list 
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To display routes that conform to a specified filter-list, use the show ip bgp filter-list 
privileged EXEC command. 


m= show ip bgp filter-list access-list-number 


Syntax Description 


Parameter Description 


Integer from 1 to 199 that indicates the regular expression 
access-list number 


access-list-number 


Monitoring AS-Path Filters (Cont.) 


* Displaying configured filters: 


router# show ip as-path-access-list 

AS path access list 6 
permit “S$ 

AS path access list 7 
deny 213 
permit .*_ 

AS path access list 
permit 214 

AS path access list 
permit 42_ 

AS path access list 
deny _22 | _51$ 
permit .* 
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The show ip as-path-access-list command displays a specific access-list or all AS-path access- 
lists in the router. 


Configuring BGP on Cisco Routers (BGP) v3.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Monitoring AS-Path Filters (Cont.) 


* Routes matched by a filter-list: 


permit 42 


Network 
128.37.0.0 
128.42.0.0 
192.26.11.0 
192.37.11.0 
192.42.11.0 


Next Hop 


192. 
192. 
192. 
192. 
192. 


168.21.2 
168.21.7 
168.20.20 
168.20.20 
168.20.20 


router# show ip as-path-access-list 25 
AS path access list 25 


router# show ip bgp filter-list 25 
BGP table version is 81, 
Status codes: s suppressed, d damped, h history, 
Origin codes: i - IGP, e - EGP, 


Metric LocPrf Weight 


ie) 
ie) 
ie) 


? - incomplete 


100 


local router ID is 197.6.2.1 
* valid, > best, i - internal 


Path 

(65002 65003 65004) 99 2 20 42 37 i 
(65002 65003 65004) 99 7 20 42 i 

20 42 26i 

20 42 37 i 

20 42 i 


0026_186 
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The AS-path access-list number 25 in this example consists of one single line. It permits those 
routes that have an AS-path attribute containing the AS number 42. All other routes are 


implicitly denied. 


The show ip bgp filter-list command is used to display all the routes currently in the BGP table 
that are permitted by AS-path access-list 25. It will show all the routes with AS 42 somewhere 


in their AS paths. As a result of configuring BGP confederations, the AS path contains some 
AS numbers enclosed in parentheses. BGP confederations and their usage are explained in a 


later module. 
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Monitoring AS-Path Filters (Cont.) 


¢ Routes matched by an expression: 


Status codes: 
Origin codes: 


Network 
128. 
128. 
128. 
128. 
128. 
128. 
128. 


Next Hop 
192. 
192. 
192. 
192. 
192. 
192. 
192. 


router# show ip bgp regexp “\(65002_ 

BGP table version is 85, local router ID is 197.6.2.1 
s suppressed, d damped, h history, 
i - IGP, e - EGP, 


168. 
168. 
168. 
168. 
168. 
168. 
168. 


? - incomplete 


Metric LocPrf Weight 
fs 0 (65002 


100 
100 
100 
100 
100 
100 


* valid, > best, i - internal 


Path 


(65002 
(65002 
(65002 
(65002 
(65002 
(65002 


65004) 
65004) 
65004) 
65004) 
65004) 
65004) 
65004) 
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The show ip bgp regexp command displays all routes currently in the BGP table that have an 
AS-path attribute that matches the typed-in regular expression. In this example, BGP 
confederations, a scalability feature, are in use. It is the AS-path regular expression that is 


important in this example. 


In the example, you wish to find all BGP confederation routes from AS number 65002. To 
search for this character in the beginning of the string, use the character “\”, the backslash. The 
regular expression “4\(65002” matches all the routes that are received from the intra- 


confederation AS number 65002. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
I 3 


* By applying specific selection criteria to the 
contents of the AS-path attribute, routers can 
select a subset of routes from the total set of 
routes that are received. 


* Cisco IOS software internally translates the AS- 
path encoding, which is carried with all BGP routes 
into a character string. This string is then tested 
against the regular expression. 


° String matching operates when you are using AS- 
path regular expressions to match BGP routes. 
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Summary (Cont.) 


¢ You can use AS-path filters to select those routes 
that will be allowed. 


¢ An AS-path filter is created by an AS-path access- 
list, which is applied to a set of routes from which 
to select a subset. 


* Because regular expressions sometimes get 
complex, thorough testing of them is required. 
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References 


For additional information, refer to these resources: 


m= For more information on regular expressions, refer to “Using Regular Expressions in BGP” 
at the following URL: http://www.cisco.com/warp/public/459/26.html 


m= For more information on AS-path filters, refer to “BGP Case Studies 3” at the following 
URL: http://www.cisco.com/warp/public/459/bgp-toc.html 


Next Steps 
For the associated lab exercise, refer to the following section of the course Lab Guide: 


m Lab Exercise 3-2: Employing AS-Path Filters 
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Filtering with Prefix-Lists 


Overview 


Influencing route selection or enforcing administrative policies with packet filtering is common 
in network designs where customers connect to the Internet. In multihomed customer 
implementations where BGP is used, using access-lists to filter the large number of advertised 
routes can create performance bottlenecks. Prefix-lists offer a significant performance 
improvement over access-list filtering in loading and route lookup in large lists. 


This lesson discusses the requirement for using prefix-based filters in customer 
implementations where connections to multiple ISPs must be supported, and discusses the 
benefits of using prefix-lists versus IP access-lists. The commands to apply filtering of inbound 
or outbound updates with prefix-lists and to configure prefix-list filters will be discussed, as 
well as where network administrators should apply them. 


Relevance 


Where multiple paths between a customer and ISP exist, there is a requirement to filter certain 
information during BGP updates to influence route selection or to enforce an administrative 
policy. To meet this requirement, you must use filters. There are requirements for using prefix- 
based filters in these circumstances. Using prefix-lists is typically easier than using standard IP 
access-lists, and provides performance benefits. It is important to understand the commands to 
apply filtering of inbound or outbound updates with prefix-lists and where they should be 
applied. 
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Objectives 


Upon completing this lesson, you will be able to describe the use of prefix-list filters. This 
includes being able to meet these objectives: 


m= Identify the requirement for prefix-based filters in customer implementations where you 
must support connections to multiple ISPs 


m List the benefits of prefix-lists versus IP access-lists and describe the applications of prefix- 
lists in BGP networks 


m™ Identify the Cisco IOS command that is required to configure prefix-list filters 
m Describe where you can implement prefix-lists in a BGP network 


m Identify the Cisco IOS commands that are required to apply filtering of inbound or 
outbound updates with prefix-lists 


m Identify the Cisco IOS commands that are required to modify configured prefix-list filters 


m Identify the Cisco IOS commands that are required to monitor the operation of configured 
prefix-list filters 


Learner Skills and Knowledge 
To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m= Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
pee Cisco.com | 


° Overview 
¢ Requirements for Prefix-Based Filters 
* Prefix-Lists vs. IP Access-Lists 


* Configuring Prefix-Lists 


° BGP Filters Implementation 

° Implementing Prefix-Lists in the BGP Process 
* Modifying Prefix-Lists 

* Monitoring Prefix-Lists 

° Summary 
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Requirements for Prefix-Based Filters 


This topic identifies the requirement for prefix-based filters in network implementations where 
multiple connections between a customer and ISPs exist. 


Requirements for Prefix-based Filters 


Internet 


Service Provider #1 


Multihomed 
Customer 


se es max Service Provider #2 


Network=10.0.0.0/8 
AS-Path=123 


* Service providers have to filter customer updates to 
ensure that the customers announce only their assigned 
address space. 
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Customers with multihomed networks are responsible for announcing their own networks using 
BGP. Typically, customers are not as experienced with BGP as service providers, and therefore 
problems are more likely to occur. A service provider with a multihomed customer must take 
precautions not to accept, use, or forward any erroneous routing information that is received 
from the customer. 


The customer is assigned a set of IP network numbers that it should announce. If the customer 
announces any additional networks, something is wrong. The customer may have forgotten not 
to act as a transit AS and has started propagating routes that it has received from the other 
service provider. Or, the customer has accidentally started to announce its private address 
space, which the customer may use for address links, loopback interfaces, or other devices that 
should never access the Internet. 


To avoid problems, the service provider can apply an IP prefix filter on the incoming 
information from the customer. The service provider will accept only network numbers 
permitted by an access-list or prefix-list. 
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Prefix-Lists vs. IP Access-Lists 


This topic lists the benefits of prefix-lists versus IP access-lists and describes the applications 
of prefix-lists in BGP networks. 


Prefix-Lists vs. IP Access-Lists 


Traditional Prefix Filters 


° Traditional IP prefix filters were implemented with 
IP access-lists configured with the distribute-list 
command. 


¢ IP access-lists used as route filters have several 
drawbacks: 
— Subnet mask cannot be easily matched. 


— Access-lists are evaluated sequentially for every IP prefix in 
the routing update. 


— Access-lists are hard to edit. 
— Extended access-lists can be cumbersome to configure. 


Traditionally, filtering of IP network numbers has been accomplished using an access-list. The 
access-list is then bound to either the incoming or outgoing information of a neighbor by the 
neighbor distribute-list command. A BGP update about a network number that is permitted by 
the access-list will be accepted, and those denied will be dropped. 


However, standard access-lists do not support the testing of the subnet masks. If the access-list 
permits 10.0.0.0/16, it would also permit 10.0.0.0/8. 


Extended access-lists can do testing on both an IP network number and a subnet mask, but the 
syntax is cumbersome. 


Lastly, access-lists are hard to edit. The router will automatically add new access-list entries to 
the end of the list. Because the router evaluates the list sequentially, and the first match results 
in a “permit” or “deny,” the order of the lines in the access-list is of utmost importance. The 
inability to add a line in the middle of a list has been an administrative burden. 
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Prefix-Lists vs. IP Access-Lists (Cont) 


Prefix-Lists 
° New route-filtering mechanism 


° Significant performance improvement on long 
filters 


— Inside Cisco IOS software, the prefix-list is a tree structure 
and is not scanned sequentially. 


* Support for incremental updates 
— Individual entries in prefix-lists can be inserted or deleted. 
* More user-friendly command-line interface 


— The command-line interface for using access-lists to filter 
BGP updates is difficult to understand and use, because it 
uses the packet filtering format. 


° Greater flexibility; can match on subnet masks 


BGP v3.1—3-5 


The ip prefix-list configuration command has several benefits compared to using the access- 
list command. The intended use of prefix-lists is limited to route filtering, whereas access-lists 
were initially intended for packet filtering, which was then extended to filter routes. 


The prefix-list is internally transformed into a tree structure, with each branching of the tree 
serving as a test. The Cisco IOS software determines a verdict of either “permit” or “deny” 
much faster this way, compared to sequentially interpreting an access-list. 


The configuration command-line interface (CLI) that you use when configuring the ip prefix- 
list provides the ability to assign a line number to each line of the prefix-list. The router will 
use this number to sort the entries in the prefix-list. If the lines are initially assigned line 
numbers, with some spacing in between them, administrators can insert additional lines at a 
later time. Individual lines can also be removed without removing the entire list. 


Routers match network numbers in a routing update against the prefix-list using as many bits as 
indicated. For example, a prefix-list can be specified to be 10.0.0.0/16, which will match 
10.0.0.0 routes but not 10.1.0.0 routes. 


Optionally, the prefix-list can also specify the size of the subnet mask. In addition, the prefix- 
list can indicate that the subnet mask must be in a specified range. 
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Prefix-Lists vs. IP Access-Lists (Cont) 


° Key access-list features are preserved: 
—Filtering using “permit” or “deny” 
— Order dependency (first match wins) 
— Security-focused: no match means “deny” 


° The matching mechanism has changed 


—Matches routes in a part of address space with 
subnet mask longer or shorter than a set 
number 


The prefix-list has several similarities with the access-list. It can consist of any number of lines, 
each of which indicates a test and a result. The router can interpret the lines in the specified 
order, although this is optimized in the Cisco IOS software. When a router evaluates a route 
against the prefix-list, the first line that matches will result in either a “permit” or “deny.” If 
none of the lines in the list match, the result is “implicitly deny.” 


Testing is done using prefixes. The indicated number of bits in the prefix is compared with the 
same number of bits in the network number in the update. If they match, testing continues with 
an examination of the number of bits set in the subnet mask. The prefix-list line can indicate a 
range in which the number must be to pass the test. If no range is indicated, the subnet mask 
must match the prefix size. 
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Configuring Prefix-Lists 


This topic identifies the Cisco IOS command that is required to configure prefix-list filters. 


Configuring Prefix-Lists 


router (config) # 


ip prefix-list list-name [seq seq] {permit |deny} 
network/len [ge value] [le value] 


° Prefix-lists have names and sequence numbers 
(like route maps) 


° An entry with no le or ge parameter matches 
exactly the specified prefix 


° An entry with an le or ge parameter matches any 
route within the address space of address/prefix 
with prefix longer or equal to ge va/ue and 
shorter or equal to le value. 


ip prefix-list 


To create an entry in a prefix-list, use the ip prefix-list global configuration command. To 
delete the entry, use the no form of this command. 


= ip prefix-list list-name [seq seq-value] {permit | deny} network/len [ge ge-value] [le le- 
value] 


= no ip prefix-list list-name [seq seq-value] {permit | deny} network/len [ge ge-value] [le 
le-value] 
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Syntax Description 


Parameter 


list-name 


Description 


Name of a prefix 


seq 


(Optional) Applies the sequence number to the prefix 


seq-value 


(Optional) Specifies the sequence number for the prefix 


permit Permits access for matching conditions 

deny Denies access to matching conditions 

network/len (Mandatory) The network number and length (in bits) of the 

network mask 

ge (Optional) Applies the ge-value to the range 
specified 

ge-value (Optional) Specifies the lesser value of a 
range (the "from" portion of the range 
description) 

le (Optional) Applies the le-value to the range 
specified 

le-value (Optional) Specifies the greater value of a 


range (the "to" portion of the range 
description) 


When multiple entries of a prefix-list match a given prefix, the sequence number of a prefix-list 
entry identifies the entry with the lowest sequence number. In this case, the entry with the 
smallest sequence number is considered to be the “real” match. 


Note You can specify sequence values for prefix-list entries in any increments that you want (the 
automatically generated numbers are increased in units of 5). If you specify the sequence 
values in increments of 1, you will not be able to insert additional entries into the prefix-list. If 
you choose very large increments, you could run out of sequence values. 


You can use the parameters ge and le to specify the range of the prefix length to be matched for 
prefixes that are more specific than network/len. The exact match is assumed when neither ge 
nor le is specified. The range is assumed to be from ge-value to 32 only if the ge attribute is 
specified. The range is assumed to be from len to le-value only if the le attribute is specified. 
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Configuring Prefix-Lists (Cont.) 


Prefix-List Matching Rules 
* Prefix-list entries with no ge or le option match only 
the specified route 
— Similar to IP access-lists with no wildcard bits. 
— The matching process also considers subnet mask. 


Which of the following routes will be matched by: 
ip prefix-list MyList permit 192.168.0.0/16 ? 


Nae eer X192.168.0.0/20 @MK192.168.2.0/24 
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Prefix-list entries without the ge or le option match only the route with the specified IP address 
and subnet mask. In the example here, the prefix-list entry permit 192.168.0.0/16 will not 
match the route 192.168.2.0/24 because of the mismatch in the IP address. It will also not 
match the route 192.168.0.0/20 because of the mismatch in the subnet mask. 
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Configuring Prefix-Lists (Cont.) 


° A prefix-list entry with ge or le option matches any 
prefix within specified address space where the 
subnet mask falls within specified limits. 


Which of the following routes will be matched by: 


ip prefix-list MyList permit 192.168.0.0/16 le 20? 


V 192.168.0.0/16 V192.168.17.0/20 X192.168.2.0/24 


ip prefix-list MyList permit 192.168.0.0/16 ge 18? 


X 192.168.0.0/16 V192.168.17.0/20 V192.168.2.0/24 


Prefix-list entries with the ge or le option specified match any prefix within the address space 
that is specified by the network/len parameter, as long as the subnet mask length of the route 
falls within the range that is specified by the le and ge parameters. 


In the first example in the figure, the route 192.168.2.0/24 is not matched by prefix-list entry 
permit 192.168.0.0/16 even though the IP address falls within the specified address range, 
because the subnet mask is too long. 


In the second example, the route 192.168.0.0/16 is not matched by prefix-list entry permit 
192.168.0.0/18 because the subnet mask is too short. 
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Example 


Configuring Prefix-Lists icone) 


What will be matched by? 
a) ip prefix-list A permit 0.0.0.0/0 ge 32 
ip prefix-list B permit 128.0.0.0/2 ge 17 
c) ip prefix-list C permit 0.0.0.0/0 le 32 
ip prefix-list D permit 0.0.0.0/0 


ip prefix-list E permit 0.0.0.0/1 le 24 


All host routes 

Any subnet in class B address space 

All routes 

Just the default route 

Any prefix in class A address space covering at least 256 
addresses 


The figure contains some commonly used prefix-list examples. 
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BGP Filters Implementation 


This topic describes where you can implement prefix-lists in a BGP network. 


BGP Filters Implementation 


Outgoing neighbor 


prefix-list out 
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You can optionally apply filter-lists and prefix-lists on either incoming or outgoing neighbors 
in any combination. Both the incoming prefix-list and the incoming filter-list must permit the 
routes that are received from a neighbor before they are accepted into the BGP table. Outgoing 
routes must pass both the outgoing filter-list and the outgoing prefix-list before being 
transmitted to the neighbor. 


When a router is configured to redistribute routing information from an Interior Gateway 
Protocol (IGP) into BGP, the routes must successfully pass any prefix-list or access-list that is 
applied to the redistribution before a route is injected into the BGP table. 
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Implementing Prefix-Lists in the 
BGP Process 


This topic identifies the Cisco IOS commands that are required to apply prefix-lists for filtering 
of inbound or outbound updates. 


Implementing Prefix-Lists in the 


BGP Process 
————— ee a Chica pean ee 


router (config-router) # 


neighbor {ip-address/peer-group-name} prefix-list prefix-listname 
{in|out} 


¢ Filters inbound or outbound BGP routing updates for 
a configured neighbor session 


router (config-router) # 


distribute-list prefix-list prefix-list out routing-process 


° Filters routes redistributed from specified routing 
process into BGP 
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You can use prefix-lists to filter incoming or outgoing BGP updates to neighbors. You can also 
use them to filter routes that are being redistributed into the BGP process from other routing 
protocols. 
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neighbor prefix-list 


To distribute BGP neighbor information as specified in a prefix-list, use the neighbor prefix- 
list router configuration command. 


m neighbor {ip-address | peer-group-name} prefix-list prefix-listname {in | out} 


To remove an entry, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} prefix-list prefix-listname {in | out} 


Syntax Description 


Parameter Description 

ip-address IP address of neighbor. 

peer-group-name Name of a BGP peer group. 

prefix-listname Name of a prefix-list. 

in Access list is applied to incoming advertisements to that 
neighbor. 

out Access list is applied to outgoing advertisements from that 
neighbor. 

Note A BGP peer group is a group of BGP neighbors with the same update policies. Route-maps, 


distribute-lists, filter-lists, and so on usually set update policies. Instead of defining the same 
policies for each separate neighbor, a peer group name is configured on the router, and 
these policies are assigned to the peer group. BGP peer groups are discussed in a later 
module. 
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distribute-list out 


To suppress networks from being advertised in updates, use the distribute-list out router 
configuration command. 


m = distribute-list {access-list-number | name | prefix-list prefix-listname} out [interface- 
name | routing-process | autonomous-system-number] 
To disable this function, use the no form of this command. 


# no distribute-list {access-list-number | name | prefix-list prefix-listname} out [interface- 
name | routing-process | autonomous-system-number] 


Syntax Description 


Parameter Description 
access-list-number | Standard IP access-list number or name. The list defines which 
name networks are to be received and which are to be suppressed in 


routing updates. 


prefix-listname Name of a prefix-list. The list defines which networks are to be 
received and which are to be suppressed in routing updates, 
based upon matching of the network prefix to the prefixes in the 


list. 
out Applies the access-list to outgoing routing updates. 
interface-name (Optional) Name of a particular interface. 
routing-process (Optional) Name of a particular routing process, or the keyword 
static or connected. 
autonomous -system- (Optional) AS number 
number 
Note Although you can use the neighbor prefix-list router configuration command as an 


alternative to the neighbor distribute-list command, do not use both the neighbor prefix- 
list and neighbor distribute-list command filtering to the same neighbor in any given 
direction. These two commands are mutually exclusive, and only one command (neighbor 
prefix-list or neighbor distribute-list) can be applied for each inbound or outbound 
direction. 
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Example 


Prefix-List Example 
Filtering Customer Prefixes 


¢ Requirement: the customer will announce 
prefixes only from assigned address space 
(172.16.0.0/16), with subnet masks no longer 
than /24. 


Backup ISP 


Multihomed 
Customer 


AS 123 
172.16.0.0 


router bgp Primary-ISP-as 
neighbor Customer prefix-list Cust-A in 
! 


ip prefix-list Cust-A seq 5 permit 172.16.0.0/16 le 24 
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In this example, a multihomed customer has been assigned the address space 172.16.0.0/16. 
The customer may subnet this address space but may not announce smaller subnets than a 
subnet mask of 255.255.255.0. Larger subnets are accepted. If the customer has subnetted the 
network into smaller subnets, it must summarize the routing information about those subnets 
into at least /24 prefixes before announcing them. 


The primary ISP implements a prefix-list named “Cust-A” to perform the filtering of incoming 
information from the multihomed customer. The prefix-list permits all routes that are received 
from the customer that have 172.16 in the first 16 bits and have a subnet mask of 24 bits or less. 
Any other routes from the customer are denied and silently ignored. 
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Example 


Prefix-List Example 
Filtering Peer Prefixes 


¢ Requirement: the ISP will not accept 
routes with subnet masks longer than /24; 
subnet masks from class B address 
space will be no longer than /20. 


Backup ISP 


Multihomed 
Customer 


~—S 


a a 


Primary 
link Primary ISP 


router bgp Primary-ISP-as 
neighbor Backup-ISP prefix-list Peer in 
! 


ip prefix-list Peer seq 5 permit 128.0.0.0/2 le 20 
ip prefix-list Peer seq 10 permit 0.0.0.0/0 le 24 


002G_189 
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In this example, the primary ISP will not accept any route from the customer that indicates a 
subnet smaller than a 255.255.255.0 subnet mask. The class B network, however, must not be 


subnetted into smaller subnets than a 255.255.240.0 subnet mask. 


The primary ISP implements this route by using a prefix-list named “Peer.” The first line in the 
prefix-list checks if it is a class B network. Remember that a class B address always has the 
binary sequence 10 as the first two bits in the first byte. The second line matches any prefix. 


When the primary ISP receives a route from the customer, it compares the route with both 
lines. If the route is a class B network, both lines match. Testing will continue by checking the 
subnet mask. An upper bound is explicitly indicated, giving a maximum prefix length of 20 


bits. 


If the received route is not a class B network, only the second line matches. In this case, the 
subnet mask length must be greater or equal to 0 and less than or equal to 24, providing a route 


less explicit than a /24 prefix. 
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Modifying Prefix-Lists 


This topic identifies the Cisco IOS commands that are required to modify configured prefix-list 
filters. 


Modifying Prefix-Lists 
Ef ed 


router# 


show ip prefix-list list-name [detail|summary] 


* Displays the prefix-list and the sequence numbers 


router (config) # 


no ip prefix-list seq seq condition 


° Erases the line with the specified sequence number 
from the prefix-list 


router (config) # 


ip prefix-list seq seq condition 


° Inserts the line into the prefix-list at the specified 
point 
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Lines in a prefix-list are assigned sequence numbers. These assignments significantly increase 
the manageability of the list. They provide the opportunity to remove a specific line, and, if 
spacing between the sequence numbers allows, they provide the ability to insert a line between 
two existing lines. 


To display a currently configured prefix-list and its sequence numbers, use the show ip prefix- 
list command with the detail keyword. 


You can specify sequence values for prefix-list entries in any increments that you want (the 
automatically generated numbers are increased in units of 5). If you specify the sequence values 
in increments of 1, you will not be able to insert additional entries into the prefix-list. If you 
choose very large increments, you could run out of sequence values. 
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Monitoring Prefix-Lists 


This topic lists the Cisco IOS commands that are required to monitor the operation of 
configured prefix-list filters. 


Monitoring Prefix-Lists 
a ed 


router# 


show ip prefix-list [detail | summary] prefix-list-name 
[network/length] [seq sequence-number] [longer] [first- 
match] 


* To display information about a prefix-list or prefix-list 
entries 


router# 


show ip bgp prefix-list prefix-list-name 


* Displays all routes in the BGP table matching the 
prefix-list 

* Used for easier monitoring of a desired network 
prefix group in the BGP table 


BGP v3.1—3-16 


show ip prefix-list 


To display information about a prefix-list or prefix-list entries, use the show ip prefix-list 
EXEC command. 


m= = show ip prefix-list [detail | summary] name [network/len] [seq seq-num] [longer] [first- 
match] 


Syntax Description 


Parameter Description 

detail | summary (Optional) Displays detailed or summarized information about all 
prefix-lists 

name (Optional) The name of a specific prefix-list 

network/len (Optional) The network number and length (in bits) of the network 
mask 

seq (Optional) Applies the sequence number to the prefix-list entry 

seq-num The sequence number of the prefix 

longer Displays all entries of a prefix 

first-match Displays the entry of a prefix 
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The show ip bgp prefix-list command displays selected routes from a BGP routing table based 
on the contents of a prefix-list. Use it for selective filtering of BGP table output on Cisco IOS 
devices on the basis of network prefix groups. 


To perform prefix-list-based BGP table filtering, follow these steps: 


m= Configure a prefix-list that permits ranges of networks meant to be displayed in the BGP 
table output. 


m Include a reference to a configured prefix-list in the show ip bgp prefix-list command. 


Note The support for prefix-list BGP table filtering was added in Cisco IOS Release 12.2(11)T and 
12.0(14)ST. 


Monitoring Prefix-Lists (Cont.) 


router# show ip prefix-list detail 

Prefix-list with the last deletion/insertion: InFilter 

ip prefix-list InFilter: 
count: 4, range entries: 3, sequences: 5 - 20, refcount: 2 
seq 5 deny 128.0.0.0/2 le 15 (hit count: 0, refcount: 2) 
seq 10 deny 192.0.0.0/3 ge 25 (hit count: 0, refcount: 1) 
seq 15 deny 193.0.0.0/8 ge 21 (hit count: 0, refcount: 1) 
seq 20 permit 0.0.0.0/0 (hit count: 0, refcount: 1) 
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In this example, the show ip prefix-list command has been issued with the detail keyword. The 
output of the command displays detailed information about configured prefix-lists, including 
sequence numbers, the prefix-list entries, and the number of times that each entry has been 
matched by a corresponding prefix. 
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Monitoring Prefix-Lists (Cont.) 


Router (config) # ip prefix-list MyFilter seq 5 permit 10.0.0.0/8 le 32 


002G_191 


Router# show ip bgp prefix-list MyFilter 


BGP table version is 11, local router ID is 10.5.5.5 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network 


N Metric LocPrf Weight Path 
*> 10.5,5.5/32 0 

fe) 

fe) 


. 32768 ? 
P 32768 ? 
E 32768 i 


*> 10.6.6.0 
*> 10.8.0.0 


002G_192 
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This example shows a simple prefix-list-based filtering of the BGP table. The prefix-list filter 
permits all networks with the first octet equal to 10 and any length of a subnet mask (le 32). In 
the show ip bgp prefix-list output, only the networks permitted by the prefix-list filter are 
displayed. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
ee Seon "| 


* Customers with multihomed networks are 
responsible for announcing their own networks 
using BGP, and service providers with multihomed 
customers must take precautions not to accept, 
use, or forward any erroneous routing information 
that is received from their customers. 


° There are significant advantages to using prefix- 
lists versus IP access-lists. 


° Prefix-lists are configured using the ip prefix-list 
global configuration command. 


¢ Filter-lists and prefix-lists can be optionally applied 
on either incoming or outgoing neighbors in any 
combination. 


Summary (Cont.) 


° Use prefix-lists to filter incoming or outgoing BGP 
updates to neighbors and to filter routes that are 
being redistributed into the BGP process from 
other routing protocols. 


° The lines in a prefix-list are assigned sequence 
numbers, which makes them much easier to 
manage. 


¢ To display or monitor statistics about a prefix-list 
or prefix-list entries, you can use the show ip prefix- 
list EXEC command. 
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References 


For additional information, refer to these resources: 


m= For more information on prefix-list filters, refer to “Configuring BGP” at the following 
URL: 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1¢ 
bgp.htm#xtocid15 


Next Steps 


For the associated lab exercise, refer to the following section of the course Lab Guide: 


m= Lab Exercise 3-3: Filtering with Prefix-Lists 
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Using Outbound Route 
Filtering 


Overview 


Outbound route filtering is a prefix-based feature that minimizes the number of BGP updates 
that are sent between peer routers. An outbound route filter (ORF) aids in the reduction of 
resources that are required for generating and processing routing updates by filtering out 
unwanted routing updates at the source. One common use of BGP outbound route filtering is to 
reduce the amount of processing that is required on a router that is not accepting full routes 
from a service provider network to which it is connected. 


This lesson discusses the function of outbound route filtering in a BGP network. The format 
and function of ORF messages are discussed, as well as the commands that enable ORF 
negotiations and the activation of an ORF prefix-list. The commands that are used to trigger a 
route refresh will also be detailed. Finally, there is a discussion on how to monitor the 
operations of a configured ORF in a BGP network. 


Relevance 


An ORF is an additional mechanism that is used to minimize the number of updates that are 
requested from a neighbor, which reduces link bandwidth consumption and CPU use when a 
router requests a route refresh. ORF also allows filtering of information that external networks 
should not receive (such as RFC 1918 information). Understanding how to monitor ORF 
capabilities is also important because a BGP neighbor that supports specific ORF capabilities 
will report those capabilities to a monitoring neighbor and can then send a filter of the 
supported type to the neighbor. 
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Objectives 


Upon completing this lesson, you will be able to describe the use of outbound route filtering. 
This includes being able to meet these objectives: 


m= Describe the function of outbound route filtering in a BGP network 
m Describe the format and function of an ORF message 


m Identify the Cisco IOS command that is required to enable ORF negotiations and activate 
an ORF prefix-list 


m Identify the Cisco IOS command that is used to trigger a route refresh 


m Identify the Cisco IOS command that is required to monitor the operation of a configured 
ORF 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
ee Cisco.com | 


° Overview 
* Outbound Route Filtering 
¢ Outbound Route Filter Message 


¢ Configuring Outbound Route Filtering 
¢ Using Outbound Route Filtering 

* Monitoring Outbound Route Filtering 
° Summary 
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Outbound Route Filtering 


This topic discusses the function of outbound route filtering in a BGP network. 


Outbound Route Filtering 


¢ The purpose of outbound route filtering is to 
reduce the amount of BGP traffic and CPU use 
needed to process routing updates. 


* Routers exchange inbound filter configurations, 
which are used as outbound filters on neighboring 
routers. 


¢ Filters are described in ORF entries. 
° ORF entries are part of the route refresh message. 


Outbound route filtering is a prefix-based BGP feature that is enabled through the 
advertisement of ORF capabilities to peer routers integrated in Cisco IOS Release 12.2(4)T. 
The advertisement of the ORF capability indicates that a BGP-speaking router will accept a 
prefix-list from a neighbor and apply the prefix-list to locally configured ORFs (if any exist). 
When this capability is enabled, the BGP speaker can install an inbound prefix-list filter to the 
remote peer as an outbound filter, which reduces unwanted routing updates. 


The standard route refresh message contains the address family information for which the 
refresh is needed. Outbound route filtering is an additional mechanism that is used to minimize 
the number of updates that are requested from a neighbor. 


This mechanism reduces link bandwidth consumption and CPU use when a router requests a 
route refresh. Filters that should be used by routers with the route refresh are described in ORF 
entries that are part of the route refresh message. 


You can configure the ORF feature with send, receive, or send and receive capabilities. The 
local peer advertises the ORF capability in send mode. The remote peer receives the ORF 
capability in receive mode and applies the filter as outbound policy. The local and remote peers 
exchange updates to maintain the ORF for each router. Peer routers exchange updates 
depending on the ORF prefix-list capability that is advertised. The remote peer starts sending 
updates to the local peer after it receives a route refresh request or an ORF prefix-list with an 
immediate status. 
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Example 


Inbound vs. Outbound piltering 


Standard inbound filtering: 


Filter 100 
AS 1 100,000 routes ORF _List AS 2 


Standard 
input filter 


Outbound route filtering: 


Use filter ORF_List (route refresh with ORF messages) 


100,000 Filter 


Output filter 
received from AS 2 


002G_193 


Outbound route filtering can limit the number of unwanted routing updates, which will reduce 
the amount of resources that are required for routing update generation and processing. This 
feature also reduces the amount of resources that are required to receive and discard routes that 
would otherwise be filtered out by the receiving router if the ORF feature was not available. 


The example shows two scenarios. 


m= The first example shows that 100,000 routes are sent to a neighbor, and the input filter 
permits only 100 of these routes. 


m The second example shows how a route refresh with a filter is sent to the neighbor. The 
neighbor then uses the filter before sending the updates. This way only 100 updates are 
sent. 
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Outbound Route Filter Message 


This topic describes the format and function of the ORF message. 


Outbound Route Filter Message 


ORF Format 
* ORF message consists of the following fields: 
— AFIISAFI 
— ORF type 
— When to refresh 
— List of ORF entries 
¢ ORF entries depend on the ORF type. 


* The ORF capability needs to be negotiated for 
every supported ORF type. 


An ORF message contains the following information: 


m Address Family Information (AFI) and Subsequent Address Family Information (SAFI) for 
which the filter should be used 


m= ORF type, which identifies the type of filter 

m= = When to refresh (immediate or deferred refresh) 

m= List of ORF entries where the actual filter is defined 

You can use the AFI/SAFI component of the ORF message to provide a coarse level of 


granular control by limiting the ORF to only the routes whose Network Layer Reachability 
Information (NLRI) matches the configured AFI/SAFI component. 


The ORF capability has to be negotiated by the router for each ORF type that is supported in 
the ORF message. 
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Outbound Route Filter Message Cont} 


ORF types 
° NLRI (ORF type=1) 
— filters based on the prefix 
¢ Communities (ORF type=2) 


—filters based on standard BGP community 
attributes 


¢ Extended Communities (ORF type=3) 


— filters based on the extended BGP community 
attributes 


° Prefix list (ORF type=128) 


— filters based on Cisco implementation of prefix 
filtering 


The value contained in the ORF type determines the content that is contained in the ORF 
message. 


Currently, ORF type 0 is reserved, ORF types 1 to 127 are assigned by the Internet Assigned 
Numbers Authority (IANA), and ORF types 128 to 255 are vendor-specific (and not assigned 
by the IANA). Commonly used ORF types are as follows: 


m= ORF type 1 is used to filter based on the NLRI. 
m ORF type 2 is used to filter based on standard BGP community attributes. 
m= ORF type 3 is used to filter based on extended BGP community attributes. 


m= ORF type 128 is used to filter based on the Cisco proprietary implementation of prefix 
filtering (prefix-lists). 
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Outbound Route Filter Message (Cont) 


AFI/SAFI is IPv4 unicast. 


ORF type is NLRI: 
- Action: ADD, DELETE, or DELETE ALL 
* Match: PERMIT or DENY 


* Scope: EXACT or REFINE 
* NLRI: _ prefix 
¢ When: IMMEDIATE or DEFER 


BGP v3.1—3-7 


The content of the ORF value is determined by the ORF-type setting. An ORF type of NLRI- 
based filtering (type 1) uses the following actions: 


m ADD: adds a line to a prefix-list filter on the remote peer 
m DELETE: removes a line from a filter that was previously installed on a remote peer 


m DELETE ALL: removes all previously installed filters on the remote peer 


For each filter entry, there is a match component that specifies either PERMIT or DENY. A 
PERMIT asks the peer to send updates with routes that match the set of entries as specified in 
the outbound route filter. DENY specifies that the remote peer should not send updates for the 
entries matching those specified in the ORF. 


For prefixes specified with a match component of PERMIT, the remote peer is asked to pass a 
prefix with a scope of EXACT (an exact match) or REFINE (its subnets). 


Also contained within the ORF message is the when-to-refresh field. A router can set this field 
to IMMEDIATE (asking the remote peer to refresh as soon as it has finished processing the 
ORF message) or DEFER (asking the remote peer to wait until it receives a subsequent route 
refresh message with the same AFI/SAFI). 
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Configuring Outbound Route Filtering 


This topic identifies the Cisco IOS command that is required to enable ORF negotiations and 
activate an ORF prefix-list. 


Configuring Outbound Route ptening 


router (config-router) # 


neighbor ip-address capability orf prefix-list 
[receive |send|both] 


¢ Enables negotiation of prefix-list ORF capability 
during session setup. 


¢ The ORF-capable BGP speaker will install ORFs per 
neighbor. 
° Option: 
-“both” allows sending and receiving of prefix-lists. 
-“send” allows only sending of prefix-lists. 
-“receive” allows only receiving of prefix-lists. 


Cisco routers support the uploading of their prefix-lists to a neighbor. You need to use the 
neighbor ip-address capability orf prefix-list receive command to advertise this capability, 
and you need to use neighbor ip-address capability orf prefix-list send to upload the inbound 
prefix filter to the neighbor. The uploaded filter is then used on the neighboring router after a 
statically configured outbound prefix-list (if it exists) is applied. 


The command neighbor ip-address capability orf prefix-list enables the negotiation of the 
prefix-list ORF capability during BGP session setup. The prefix-list-based ORF (ORF 
type=128) is the only ORF type that Cisco IOS software supports. 
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neighbor orf prefix-list 


To advertise ORF capabilities to a peer router, use the neighbor orf prefix-list command in 
address family or router configuration mode. 


m= neighbor {ip-address} [capability] orf prefix-list [receive | send | both] 


To disable ORF capabilities, use the no form of this command. 


= no neighbor {ip-address} [capability] orf prefix-list [receive | send | both] 


Syntax Description 


Parameter Description 

ip-address The IP address of the neighbor router 

capability (Optional) Informs the specified neighbor that this router has ORF 
capabilities 

receive (Optional) Enables the ORF prefix-list capability in receive mode 

send (Optional) Enables the ORF prefix-list capability in send mode 

both (Optional) Enables the ORF prefix-list capability in both receive 
and send modes 
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Configuring Outbound Route 
Filtering (Cont.) 


router bgp 1 
neighbor 5.0.0.2 remote-as 2 
neighbor 5.0.0.2 capability orf prefix-list receive 


remote-as 1 
capability orf prefix-list send 
prefix-list MyList in 


ip prefix-list MyList seq 5 deny 10.0.0.0/8 le 32 

ip prefix-list MyList seq 10 deny 172.16.0.0/12 le 32 
ip prefix-list MyList seq 15 deny 192.168.0.0/16 le 32 
ip prefix-list MyList seq 20 permit 0.0.0.0/0 le 32 
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* Command capability orf prefix-list send on one router 
requires capability orf prefix-list receive on neighboring 
router. 
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The example shows the configuration of two routers where one router has uploaded an input 
prefix-list to the neighbor to be used as an output filter. 


The following configuration steps are necessary to enable outbound route filtering: 
Step 1 Enable negotiation of outbound filtering based on prefix-lists. 
Step 2 Attach an input prefix-list to a neighbor. 


Step 3 Enable sending of input prefix-list to the neighbor. 
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Using Outbound Route Filtering 


This topic identifies the Cisco IOS command that is used to trigger a route refresh message. 


Using Outbound Route Putering 


router# 


clear ip bgp neighbor in [prefix-filter] 


° Triggers a route refresh message. 
° Includes a prefix-list in the route refresh message if 
configured and supported on both ends. 


° Prefix-list is sent at session setup. 
¢ Use the prefix-filter option to refresh the remote filter. 


Use the clear ip bgp neighbor command with the prefix-filter keyword to push out the 
existing ORF prefix-list so that a new route refresh will be received from a neighbor. The 
neighbor will use the ORF prefix-list that was previously negotiated. 


You need to use the clear ip bgp neighbor command only when the filter has been modified 
because the neighbor will store the filter for subsequent route refresh requests. The neighbor 
will then use the filter on all updates toward the router that originated the filter. 


Note The in keyword is entered when you are using the clear ip bgp neighbor command 
because inbound route refresh is desired; only the inbound prefix-list filter is pushed to the 
neighbor and used by the neighbor in the outbound direction. 


The router will ignore the prefix-filter keyword if ORF capability has not been received or the 
send capability has not been enabled. 


When the clear ip bgp neighbor command is used without the prefix-filter keyword, a normal 
route refresh is performed. The prefix-filter keyword should always be used when ORF 
inbound routing policy changes occur. 
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Monitoring Outbound Route Filtering 


3-76 


This topic identifies the Cisco IOS command that is required to monitor the operation of an 
ORF that you have configured and activated. 


Monitoring Outbound Route Ete ring 


router# 


show ip bgp neighbors neighbor 


° Verifies the supported capabilities 


router# show ip bgp neighbors 5.0.0.1 
BGP neighbor is 5.0.0.1, remote AS 1, external link 
BGP version 4, remote router ID 172.16.1.2 
BGP state = Established, up for 00:00:09 
Last read 00:00:09, hold time is 180, keepalive interval is 60 seconds 
Neighbor capabilities: 
Route refresh:advertised and received (new) 
Address family IPv4 Unicast:advertised and received 
output ommited 
For address family:IPv4 Unicast 
BGP table version 21, neighbor version 19 
Index 1, Offset 0, Mask 0x2 
AF-dependant capabilities: 
Outbound Route Filter (ORF) type (128) Prefix-list: 
Send-mode: advertised, received 
Receive-mode: advertised, received 
Route refresh request:received 6, sent 3 
2 accepted prefixes consume 80 bytes 
Prefix advertised 12, suppressed 0, withdrawn 2 
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Use the show ip bgp neighbors neighbor command to display the supported capabilities. 


If the neighbor supports a certain ORF capability, it is shown as “advertised, received” and a 
filter of the supported type can be sent by that router to its neighbor. 


The example output from the show ip bgp neighbors command shows that neighbor 5.0.0.1 is 
configured with the prefix-based ORF feature in both send and receive modes. ORF capabilities 
negotiation has been completed and is displayed per address family. The ORF type that has 
been negotiated by this router with its peer is 128 (Cisco proprietary, prefix-list-based). 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


isc cor 


¢ Outbound route filtering is a mechanism that is used to 
minimize the number of updates that are requested 
from a neighbor. 


* The ORF message contains the information that is 
used to determine which updates will be passed. 


¢ The neighbor ip-address capability orf prefix-list 
command with the send and receive keywords enables 
ORF negotiations and activates an ORF prefix-list. 


¢ Use the clear ip bgp neighbor command to trigger a 
BGP route refresh. 


¢ With the show ip bgp neighbors command, neighbor- 
supported ORF capabilities are displayed as 
“advertised, received,” and a filter of the supported 
type can be sent to the neighbor. 


References 


For additional information, refer to these resources: 


m= For more information on outbound route filtering, refer to “BGP Prefix-Based Outbound 


Route Filtering” at the following URL: 


http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t11/ft 


11borf.htm 


m= For more information on ORF messages, refer to “Cooperative Route Filtering Capability 


for BGP-4” in the Internet Engineering Task Force (IETF) working group. 
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Applying Route-Maps as BGP 
Filters 


Overview 


BGP is a powerful routing protocol that supports a wide variety of administrative policy 
controls and route selection features. Complex filtering policies may contain requirements to 
match routing updates against a set of differing criteria that cannot be facilitated by a single- 
purpose filtering mechanism such as an AS-path filter. Route-maps provide a method to 
perform a variety of compound, complex filtering operations within a single tool. This lesson 
describes route-maps and how you can use them for BGP filtering. Included in this lesson are 
the commands that are required to use route-maps with prefix-lists, and discussion of how to 
use them as BGP filters and how to monitor previously configured route-maps. 


Relevance 


Many complex filtering goals and administrative policies cannot be achieved by using only 
single-purpose filtering methods or by compounding multiple filtering methods together. 
Route-maps are an important tool that can assist network operators in solving complex filtering 
requirements. Understanding the operation and use of route-maps is a critical component in the 
successful implementation of any large-scale BGP deployment. 


The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Objectives 


Upon completing this lesson, you will be able to describe the use of route-maps as BGP filters. 
This includes being able to meet these objectives: 


m™ Identify the need to use route-maps to influence route selection in a BGP network 
m Identify the high-level function of a route-map 


m Identify the Cisco IOS commands that are required to configure a route-map to match 
against a prefix-list 


m= Identify where you can apply route-maps as route filters in a BGP network 


m Identify the Cisco IOS command that is required to enable a route-map as a BGP route 
filter 


m Identify the Cisco IOS commands that are required to monitor the operation of a configured 
route-map that is used as a BGP filter 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
_———————— sn Cisco'com mannan 


° Overview 
¢ Why Use Route-Maps as BGP Filters? 
¢ Route-Map Overview 


° Prefix-List Use in Route-Maps 
¢ BGP Filters 
¢ Using Route-Maps as BGP Filters 


* Monitoring Route-Maps 
° Summary 
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Why Use Route-Maps as BGP Filters? 


This topic identifies the need to use route-maps to influence route selection in a BGP network. 


Why Use Route-Maps as BGP Filters? 


Some scenarios require complex filters 


° Filters on IP prefixes coming from specific AS 
number 


¢ Filters on other BGP attributes 


In some cases, network administrators even 
need to modify BGP attributes. 


Route-maps provide a solution to both 
requirements. 


Network administrators cannot achieve certain complex filtering goals by using a prefix-list 
only or by using an AS-path filter list only. Using both of these filters simultaneously means 
that a route must be permitted by both to be accepted. Sometimes the goal is to permit a 
specific prefix if it is received with a specific AS-path and to deny it otherwise. 


Combinations of tests can be implemented using route-maps. A route-map is a powerful 
filtering tool that can also modify routing information. Different attributes can have their values 
set or changed by the route-map. 
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Route-Map Overview 


This topic identifies the high-level function of a route-map. 


Route-Map Overview 
es CieaeanD = | 


Route-maps are very complex access-lists: 


* Access-lists have lines; ¥ route-maps contain 
statements. 


¢ Access-lists use addresses and masks; ¥ route-maps 
use match conditions. 


¢ With access-lists, there is an access list number; ¥ with 
route-maps, there is a route-map name. 

* Statements in route-maps are numbered. 
— You can insert and delete statements in a route-map. 
— You can edit match conditions in a statement. 


¢ Route-map statement can modify matched route with 
“set” option. 


A route-map is a filter. What is denied by the route-map is dropped. Additionally, you can use 
the route-map to modify attributes of the permitted routes. 


Route-maps have similarities to access-lists. Both have a set of tests to be performed. Several 
tests can be done in sequence. The first match produces the result of either “permit” or “deny.” 


An access-list has a number of lines, each indicating a testing condition. The route-map is more 
complex than the access-list. It consists of several groups of configuration lines. Each group is 
called a statement. The statement has a sequence number that provides the opportunity to 
remove or modify an explicit statement without removing the entire route-map. It also provides 
the opportunity to add a new statement between two existing statements. 


Each route-map statement starts with a configuration line indicating the name of the route-map, 
the sequence number, and whether the result should be permitted or denied if the testing 
matches. The statement then continues on, following configuration lines with the match 
clauses. Matching can be done in several ways. It can be a test on the prefix, the AS-path, or 
some other attribute. The statement concludes with optional “set” statements, where attributes 
may be modified or set. 
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Route-Map Overview (Cont.) 


route-map name [permit|deny sequence] 
match condition 

match condition 

set parameter 
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Default statement action is “permit”. 
Route not matched by any statement is dropped. 


“Permit all” is achieved by specifying “permit” without 
“match” clause. 


Match conditions in one statement are ANDed together. 
First matching statement permits or denies the route. 
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A route-map consists of several statements. Each statement starts with the route-map 
configuration line, on which the name of the route-map must be indicated. A good practice is to 
always indicate the permit or deny keyword followed by a sequence number. 


The matching clauses for the statements are listed on the match lines following the route-map 
line. There may be several match lines, each referring to a different test to be performed. All 
tests must be passed in order for the statement to be matched. If any of the match line tests fails, 
the next route-map statement is tried. Statements are tried in sequence number order. If there 
are no more statements in the route-map, the result is, implicitly, “deny.” 


If all of the match clauses succeed, there is a match for the statement and the indicated result is 
used. If the result is to deny, the route is then silently ignored. If the result is to permit, the 
route is accepted and the set clauses are applied. The set clauses allow one or more attributes to 
be changed or set to specific values before the route is accepted. 
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Route-Map Overview (Cont.) 


¢ Route-map conditions are specified in the 
match statement. 


* Route-maps can match on: 


— A network number and subnet mask matched with an IP 
prefix-list 


— Route originator 

— BGP next-hop address 

— BGP origin 

— Tag attached to IGP route 

— AS-path 

— BGP community attached to BGP route 
— IGP route type (internal/external ...) 


Each route-map statement can have several match clauses. Each match clause is given its own 
configuration line. The match clause refers to the tests to be made on the candidate route. Tests 
of the candidate route can be based on the following criteria: 


m= IP network numbers and subnet masks, by referring to a prefix-list or access-list that will be 
applied on the route 

= Route originator, by referring to a prefix-list or access-list that will be applied on the value 
of the originator BGP attribute 

= Next hop, by referring to a prefix-list or access-list that will be applied on the value of the 
next-hop BGP attribute 

m™ Origin code, by testing the value of the origin BGP attribute 

m= Tag value that is attached to an IGP route—used only when redistribution from an IGP into 
BGP occurs 

m AS-path, by referring to an AS-path access-list that will be applied on the value of the AS- 
path BGP attribute 

= Community, by referring to a community-list that will be applied on the value of the 
Community BGP attribute 

m= IGP route type, by testing if the IGP route is internal or external—used only when 
redistribution from an IGP to BGP occurs 
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Route-Map Overview (Cont.) 


* Route-maps can also change the attributes of 
BGP routes. 


° Route-maps can set: 
— Origin 
— BGP next hop 
— Weight 
— BGP community 
— Local preference 
— Multi-exit discriminator (MED) 
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Each route-map statement may have several set clauses. Each set clause is applied to the route 
when the route-map statement permits the route. With a route-map, the following can be set: 


= Origin BGP attribute 

m= Next-hop BGP attribute 

= Weight 

= Community BGP attribute 

= Local preference BGP attribute 


= Multi-exit discriminator (MED) BGP attribute, by setting the metric 
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Prefix-List Use in Route-Maps 


This topic identifies the Cisco IOS commands that are required to configure a route-map to 
match against a prefix-list. 


Prefix-List Use in Route-Maps 
_————— Se ea AY Sat | 


router (config-route-map) # 


match ip address prefix-list list-name 


° Uses prefix-list to match routes in route-map match 
condition 


router (config -route-map) # 


match ip next-hop prefix-list list-name 


¢ Matches routes where the next hop matches the 
conditions in the prefix-list 


router (config -route-map) # 


match ip route-source prefix-list list-name 


* Matches routes received from BGP peer that matches 
the prefix-list 


match ip address 
To distribute any routes that have a network number that is permitted by a prefix-list, use the 
match ip address route-map configuration command. To remove the match ip address entry, 
use the no form of this command. 


match ip next-hop 


To distribute any routes that have a next-hop router address that is passed by one of the prefix- 
lists specified, use the match ip next-hop route-map configuration command. To remove the 
next-hop entry, use the no form of this command. 


match ip route-source 


To distribute routes that routers have advertised and to access servers at the address specified 
by the prefix-list, use the match ip route-source route-map configuration command. To 
remove the route source entry, use the no form of this command. 
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BGP Filters 


This topic identifies where you can apply route-maps as route filters in a BGP network. 


BGP Filters 


Incoming neighbor 


filter-list in 


route-map in filter, 
set attributes 


tas 


My router 


Outgoing neighbor 


prefix-list out 


filter-list out 


IGP 
(OSPF, EIGRP) 


route-map out filter, 
EH 5 set attributes 
distribute-list out 
route-map on 
redistribution 
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You can optionally apply filter-lists, prefix-lists, and route-maps on either incoming or 
outgoing information, or in any combination. The incoming prefix-list, the incoming filter-list, 
and the incoming route-map must all permit the routes that are received from a neighbor before 
being accepted into the BGP table. Outgoing routes must pass the outgoing filter-list, the 
outgoing prefix-list, and the outgoing route-map before being transmitted to the neighbor. 


When a router is configured to redistribute routing information from an IGP into BGP, the 
routes must successfully pass any prefix-list or route-map that is applied to the redistribution 
before a route is injected into the BGP table. 
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Using Route-Maps as BGP Filters 


This topic identifies the Cisco IOS command that is required to enable a route-map as a BGP 
route filter. 


Using Route-Maps as BGP Filters 
a 


router (config-router) # 


neighbor ip-address route-map name [in | out] 


* Applies a route-map to incoming or outgoing BGP 
updates. 


° Prefixes not permitted by route-map are discarded. 


* Route-maps can also change BGP attributes in 
incoming or outgoing updates. 


* Route-maps, filter-lists, and prefix-lists are evaluated 
in sequence (effectively ANDed together). 
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You can apply a route-map on incoming or outgoing routing information for a neighbor. The 
routing information must be permitted by the route-map in order to be accepted. If there is no 
statement in the route-map explicitly permitting a route, then the route will be implicitly denied 
and dropped. 


The permitted routes may have their attributes set or changed by the set clauses in the route- 
map. Setting attributes on routes is useful when you are influencing route selection. Some 
routes can be permitted by one of the statements in the route-map and have their attributes 
changed. Another statement in the route-map could permit other routes and not have their 
attributes altered. When route selection is performed, the attribute values indicate that one route 
is more preferred than the other. 
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Using Route-Maps as BGP Filters (Cont) 


* Requirement: the customer will 
accept only a default route and use 
the primary link for outbound traffic 


Multi-homed 
Customer 


router bgp 213 

neighbor 1.2.3.4 remote-as 462 
neighbor 1.2.3.4 route-map filter in 
neighbor 3.4.5.6 remote-as 387 
neighbor 3.4.5.6 route-map filter in 
! 


route-map filter permit 10 
match ip address prefix-list defonly 

match as-path 10 

set weight 150 

! 

route-map filter permit 20 

match ip address prefix-list defonly 

set weight 100 

! 

ip as-path access-list 10 permit _387$ 

ip prefix-list defonly seq 10 permit 0.0.0.0/0 
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In this example, the customer will accept only a default route and use the primary link that is 
connected to AS 387 for outbound traffic. 
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Monitoring Route-Maps 


3-90 


This topic identifies the Cisco IOS commands that are required to monitor the operation of a 
configured route-map that is used as a BGP filter. 


Monitoring Route-Maps 


Customer# show ip bgp 

BGP table version is 4, local router ID is 192.168.1.10 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 
0.0.0.0 192.168.1.9 te) 100 462 i 
192.168.1.5 150 387 ? 


Default from primary Weight setting on 
selected as "best" incoming default 
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Use the show ip bgp command to display the configured route-map characteristics. 


The example shows that only default routes are entered into the BGP table. The default route 

from the primary link has been selected by BGP as the “best” route. The BGP route selection 
rules have been modified based on the configuration of the BGP weight attribute in the route- 
map. As part of that configuration, the weight of the primary link has been set to 150 and the 

weight of the backup link has been set to 100. 


Because BGP path selection prefers the highest weight, the router uses the primary link as the 
outgoing path. 
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Monitoring Route-Maps (Cont.) 


Customer# debug ip bgp update 


BGP updates debugging is on 


; All routes except for default are filtered out of BGP update 
Customer# clear ip bgp * 


01:09:03: %BGP-5-ADJCHANGE: neighbor 192.168.1.5 Up 
01:09:03: BGP(0): 192.168.1.5 rcvd UPDATE w/ attr: nexthop 192.168.1.5, origin ?, 
path 387 
: BGP(0): 192.168.1.5 revd 0.0.0.0/0 
: BGP(0): 192.168.1.5 revd 172.16.0.0/16 -- DENIED due to: route-map; 
: BGP(0): 192.168.1.5 revd 172.16.1.0/24 -- DENIED due to: route-map; 
: BGP(0): 192.168.1.5 revd 172.17.0.0/16 -- DENIED due to: route-map; 
: BGP(0): Revise route installing 0.0.0.0/0 -> 192.168.1.5 to main IP table 


Default route is 
installed in route table 
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Here we see that all routes except for the default route are being filtered out (DENIED) of the 
BGP update. The default route is installed in the route table. 
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Monitoring Route-Maps (Cont.) 


router# 


show ip bgp route-map route-map-name 


* Displays all routes in BGP table matching the route- 
map 
¢ Used for filtering the show ip bgp output on basis of 
BGP path attributes: 
— community 
— local preference 
— weight 
— origin 
— next-hop 
¢ Can also filter based on prefixes 
° Allows powerful combined filtering 


BGP v3.1—3-14 


You can also use route-maps for selective and powerful filtering of the BGP table. The show ip 
bgp route-map command displays selected routes from a BGP routing table based on the 
contents of a route-map. 


A route-map can match the routes on the basis of BGP path attributes (local preference, 
community, weight, origin, next-hop) or prefix-lists and access-lists (matching IP prefixes). 
The power of route-map filtering lies in the possibility of combining different filters; for 
example, filtering on community, prefix, and next-hop values. 


Note Support for route-map filtering was added in Cisco IOS Release 12.2(11)T and 12.0(14)ST. 
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Monitoring Route-Maps (Cont.) 


Customer# show ip bgp route-map filter 

BGP table version is 9, local router ID is 192.168.1.10 

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal 
Origin codes: i - IGP, e - EGP, ? - incomplete 


Network Next Hop Metric LocPrf Weight Path 


0.0.0.0 192.168.1.9 te) 100 462 i 
192.168.1.5 te) 150 387 ? 
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In this example, a customer is using a simple route-map to filter the BGP table. By using the 
show ip bgp route-map command, the customer can display the filtered BGP table. The 
customer router configuration from which this output is collected is shown here for reference: 


router bgp 213 


neighbor 1.2.3.4 remote-as 462 
neighbor 1.2.3.4 route-map filter in 
neighbor 3.4.5.6 remote-as 387 
neighbor 3.4.5.6 route-map filter in 


route-map filter permit 10 

match ip address prefix-list defonly 
match as-path 10 

set weight 150 


route-map filter permit 20 
match ip address prefix-list defonly 
set weight 100 


ip as-path access-list 10 permit _3875 

ip prefix-list defonly seq 10 permit 0.0.0.0/0The route-map 
“filter” matches incoming networks from two service providers. For all routes that are sent by 
the primary provider (AS 387), the local router accepts the default route only, and it is marked 
as the preferred route with a weight of 150. Only a default route is accepted from the backup 
provider, and its weight metric has been set to 100. 


The customer then applies the route-map to the output of the show ip bgp route-map 
command, and only the networks that conform to the AS-path and prefix-list filters are 
displayed (network 0.0.0.0/0 in the example). 


Copyright © 2004, Cisco Systems, Inc. Route Selection Using Policy Controls 3-93 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
ee Ceone | 


* Route-maps provide a solution when complex 
filters are required and when you need to modify 
the BGP attributes. 


¢ A route-map is a filter that has the ability to drop 
denied routes as well as modify attributes of the 
permitted routes. 


* You can configure a route-map to match against a 
prefix-list by using the match ip address, match ip 
next-hop, and match ip route-source commands. 


° Filter-lists, prefix-lists, and route-maps can 
optionally all be applied on either incoming or 
outgoing information in any combination. 


Summary (Cont.) 


¢ Aroute-map can be applied on incoming or 
outgoing routing information to or froma 
neighbor, but the routing information must be 
permitted by the route-map in order to be 
accepted. 


* Monitoring route-maps is possible using the show 
ip bgp and debug ip bgp update commands. 
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References 


For additional information, refer to these resources: 


m= For information on route-maps, refer to “BGP Case Studies 1” at the following URL: 
http://www.cisco.com/warp/public/459/bgp-toc.html#routemaps 


m™ For further information on route-maps, refer to “BGP Configuration Guide” at the 
following URL: 
http://www.cisco.com/warp/public/707/cscsupport/setup_guides/bgp.html#bgpRouteMap 
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Implementing Changes in BGP 
Policy 


Overview 


Routing policies for a BGP neighbor may include filtering mechanisms such as route-maps, 
distribute-lists, prefix-lists, and AS-path filter-lists. Each of these filters may impact inbound or 
outbound routing table updates. Whenever there is an administrative change in routing policy, 
the BGP session must be reset, before the new policy can take effect. To accomplish this task, 
there are two types of reset: hard reset and soft reset. 


Clearing a BGP session using a hard reset invalidates the cache and results in a negative impact 
on the operation of networks, because the information in the cache becomes unavailable. A soft 
reset is recommended because it allows routing tables to be reconfigured and activated without 
clearing the BGP session. 


This lesson discusses routing updates in a BGP environment and the traditional methods of 
forcing BGP route updates after changes in a filter policy. The function and benefits of soft 
reconfiguration and route refresh are also discussed. The lesson also presents the commands 
that are required to perform a soft reconfiguration and route refresh and explains how to 
monitor and troubleshoot these features. 


Relevance 


Because of the huge volumes of routing information that BGP is capable of handling, 
traditional routing update methods are not feasible. When an administrator changes a filter 
policy, the change must be calculated by the router and updated throughout the network. Three 
methods available to update policy changes are hard reset and soft reset (including soft 
reconfiguration and route refresh). A hard reset is disruptive to the BGP session, and therefore 
network administrators should always use the soft reset methods in production BGP networks. 
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Objectives 


Upon completing this lesson, you will be able to explain the use of soft reconfiguration for 
BGP route updates. This includes being able to meet these objectives: 


m Identify the limitations of the traditional methods of forcing BGP route updates after 
changing a filter policy 


m™ Describe the function and impact of the soft reconfiguration feature 


m™ Identify the Cisco IOS commands that are required to configure and perform a soft 
reconfiguration 


m™ Identify the Cisco IOS tools that are available to monitor the operation of a soft 
reconfiguration 


m Describe the function and benefits of the route refresh function 
m Identify the Cisco IOS command that is used to trigger a route refresh 


m™ Identify the Cisco IOS commands that are required to monitor route refresh operation 


Learner Skills and Knowledge 


To benefit fully from this lesson, you must have these prerequisite skills and knowledge: 


m™ Successful completion of Building Scalable Cisco Internetworks (BSCI) or equivalent 


Outline 


The outline lists the topics included in this lesson. 


Outline 
_ OO ee (Cisco.com 


° Overview 
° Traditional Filtering Limitations 
° BGP Soft Reconfiguration 


° Cisco IOS Commands for Soft 
Reconfiguration 


* Monitoring Soft Reconfiguration 
* Route Refresh 


¢ Using Route Refresh 


* Monitoring Route Refresh 
° Summary 
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Traditional Filtering Limitations 


This topic identifies the limitations of traditional methods when you are forcing BGP route 
updates after changing filter policies. 


Traditional Filtering Limitations 


° All filters apply only to new incoming and 
outgoing updates. 


* To change outbound routing policy, you have 
to resend BGP updates to your neighbors. 


° To change inbound routing policy, you have 
to force your neighbor to resend the updates 
to you. 


¢ Traditional mechanism: clear BGP sessions. 


BGP can potentially handle huge volumes of routing information. But when network 
administrators change configuration lines in filters or route-maps, the router cannot go through 
the huge table of BGP information and calculate which entry is no longer valid in the local 
table. Nor can the router determine which route or routes, already advertised, should be 
withdrawn from a neighbor. There is an obvious risk that the first configuration change will be 
immediately followed by a second, which would cause the whole process to start all over again. 


To avoid such a problem, Cisco IOS software applies changes only on those updates that are 
received or transmitted after the configuration change has been performed. This approach 
means that the new routing policy, enforced by the new filters, is applied only on routes that are 
received or sent after the change. If network administrators would like to apply the policy 
change on all routes, they have to force the router to let all routes pass through the new filter. 


If the filter is applied to outgoing information, the router has to resend the entire BGP table 
through the new filter. If the filter is applied to incoming information, the router needs its 
neighbor to resend its entire BGP table so that it passes through the new filters. 


Traditionally, in order to accomplish these goals, network administrators have torn down the 
affected BGP sessions after completing a configuration change. After the sessions are down, all 
information that is received on those sessions is invalidated and removed from the BGP table. 
Also, the remote neighbor will detect a session down state, and it likewise will invalidate the 
routes that are received on the session. After a period of 30 to 60 seconds, the sessions are re- 
established automatically and the entire BGP table is exchanged again, but through the new 
filters. This process, however, disrupts packet forwarding. 
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Traditional Limitations of Clearing the BGP 


Session 
_ EO Cisco.com 


router# 


clear ip bgp {* | ip-address | peer-group-name} 


* Tears down the BGP session with all neighbors, specific 
neighbor, or all neighbors in a peer group. 


All BGP routes are lost after the session is torn down; 


connectivity through the BGP neighbor is lost. 
New session is re-established within 30 to 60 seconds. 


Full routing update is exchanged once the session is re- 
established, resulting in enforcement of new routing 
policy. 

Processing the full Internet routing table can take a long 
time. 


Clearing the BGP session is a very disruptive way to 
implement routing policies. 


The EXEC command clear ip bgp tears down one or several BGP sessions. The BGP sessions 
are terminated, and the TCP connections closed. The neighbors go into the Idle state and stay 
there for approximately 30 seconds. Next, the neighbor session goes into the Active state, and 
the sessions are re-established. 


You can implement the clear ip bgp command with the * argument, which applies to all 
sessions, or make a reference to a specific session or group of sessions to tear down. 


When the session is down, all routes that are received over the session by both routers are 
invalidated. When the session is once again in the Established state, all BGP routes have to be 
resent by both peers and pass through the new filters, which enforces the new policy. 


Exchanging the complete Internet routing table takes time, bandwidth, and CPU resources. IP 
packet forwarding to and from the neighbor is down for several minutes. Also, revoking and 
reannouncing of the routes will be registered by the rest of the Internet as a flap for each route. 
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BGP Soft Reconfiguration 


This topic describes the function of the soft reconfiguration feature. 


BGP Soft Reconfiguration 


* Soft reconfiguration was introduced in Cisco IOS 
Release 11.2 to facilitate nondisruptive changes in 
BGP routing policies. 


* Outbound soft reconfiguration resends complete 
BGP table. 


— Always enabled, not configurable 


* Inbound soft reconfiguration stores complete BGP 
table of your neighbor in router memory. 


With Cisco IOS Release 11.2 came the introduction of the soft reconfiguration feature. Soft 
reconfiguration provides the ability to run all routes through the filters without tearing down the 
sessions. Outbound soft reconfiguration was easy to implement because it is a simple resending 
of all routes in the local BGP table. Inbound soft reconfiguration was more complicated 
because a copy of all the routes that are received from a neighbor is required. The copy of the 
routes that are received from the neighbor is saved independently of the BGP table, before any 
filters are applied. Whenever the incoming filters are changed, a replay of everything that has 
been received from the neighbor will take place without involving the neighbor. The major 
drawback of this approach is the amount of memory that is required to hold the copy. 
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Example 


Soft Reconfiguration and 
Memory Use 


ISP 1 ISP 2 


100,000 100,000 100,000 


: 100,000 networks 
: 100,000 networks 
: 100,000 networks 


BGP table: 300,000 paths 
Routing table: 100,000 networks 
FIB table: 100,000 networks 


Sum: 500,000 networks 


t] 


002G_3i 
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This example shows the impact of soft reconfiguration on an ISP router with three upstream 
neighbors sending full Internet routing information. 


Each neighbor is sending 100,000 prefixes. The router stores each set in a dedicated per- 
neighbor BGP table. All 300,000 paths will then appear in the main BGP table if there is no 
filtering. The router will then choose the best path for each prefix and put it into the routing 
table. If Cisco Express Forwarding (CEF) switching is enabled, the router will store another 
copy in the Forwarding Information Base (FIB) table. 


This solution obviously does not scale in terms of the number of neighbors and prefixes. 
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Cisco l|OS Commands for Soft Reconfiguration 


This topic identifies the Cisco IOS commands that are required to configure and perform a soft 
reconfiguration. 


Inbound Soft Reconfiguration 
Cisco l|OS Commands 


router (config-router) # 


neighbor ip-address soft-reconfiguration inbound 


BGP table 


Incoming neighbor 


route-map in 
(filters, weights) 


Copy of updates 
received from filter-list weight 


neighbor 
default weight 


distribute-list in 


My router 
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When you configure soft-reconfiguration inbound for a neighbor, the router stores all routes 
that are received from that neighbor as an extra copy in memory. This copy is taken before any 
filtering is applied by the router to routes that it receives. 


This process is not enabled by default because it may consume large volumes of memory. 


neighbor soft-reconfiguration 


To configure Cisco IOS software to start storing updates, use the neighbor soft- 
reconfiguration router configuration command. 


m neighbor {ip-address | peer-group-name} soft-reconfiguration inbound 


To not store received updates, use the no form of this command. 


= no neighbor {ip-address | peer-group-name} soft-reconfiguration inbound 


Syntax Description 


Parameter Description 


ip-address IP address of the BGP-speaking neighbor 


peer-group-name Name of a BGP peer group 


inbound (Optional) Keyword that indicates that the update to be stored is 
an incoming update 
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Inbound Soft Reconfiguration 
Cisco lOS Commands (Cont.) 


router# 


clear ip bgp ip-address soft in 


BGP table 


route-map in 
(filters, weights) 


Copy of updates 
received from filter-list weight 
neighbor 
default weight 
distribute-list in 


My router filter-list in 
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When the network administrator has completed the changes to filters and route-maps that are 
applied on incoming information (changes that will implement a new routing policy), the clear 
ip bgp ip-address soft in is executed on the router in privileged EXEC mode. After the 
command has been entered, the router will not tear the session down. Instead, the router resends 
the saved copy of the received routing information through the new filters, and the result is 
stored in the local BGP table. 


clear ip bgp 


To reset a BGP connection using BGP soft reconfiguration, use the clear ip bgp EXEC 
command at the system prompt. 


= clear ip bgp {* | address | peer-group-name} [soft [in | out]] 


Syntax Description 


Parameter Description 

* Resets all current BGP sessions. 

address Resets only the identified BGP neighbor. 

peer-group-name Resets the specified BGP peer group. 

soft (Optional) Soft reset. Does not reset the session. 

in | out (Optional) Triggers inbound or outbound soft reconfiguration. If 
the in or out option is not specified, both inbound and outbound 
soft reset are triggered. 
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Outbound Soft Reconfiguration 
Cisco lOS Commands 


router# 


clear ip bgp ip-address soft out 


BGP table 


Outgoing neighbor 


Copy of updates 


received from 


neighbor 
filter-list out 


route-map out 
(filters, ...) 
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When the network administrator has completed the changes to filters and route-maps that are 
applied on the outgoing information (changes that will implement a new routing policy), the 
clear ip bgp ip-address soft out is executed on the router in privileged EXEC mode. After the 
command has been entered, the router will not tear the session down. Instead, the table version 
number of the neighbor is reset to 0. When the next update interval for the neighbor arrives, the 
local router will go through the entire BGP table and find that all the routes need to be sent to 
the neighbor because they all have a table version number higher than 0. 


This process causes all the BGP routes to be resent through the new filters. 
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Monitoring Soft Reconfiguration 


This topic identifies the Cisco IOS tools that are available to monitor the operation of a soft 
reconfiguration. 


Monitoring Soft Reconfiguration 


Filters and Filters and 
route-maps route-maps 


Incoming neighbor Outgoing neighbor 


show ip bgp 


show ip bgp neighbor | g 
address advertised 
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The show ip bgp command is used to display the local BGP table. You can check the entries 
that have been propagated to a specific neighbor with the show ip bgp neighbor ip-address 
advertised command. It displays the subset of the local BGP table that has passed the split- 
horizon check and all outgoing filters for the neighbor. 


You can check incoming information that is received from a neighbor with the show ip bgp 

neighbor ip-address routes command. It displays which of the routes in the local BGP table 
were received (and accepted) from the indicated neighbor. Only routes that are passed by the 
incoming filter for the neighbor are displayed. 


If the soft-reconfiguration inbound feature is enabled for a neighbor, the information that is 
saved in the extra copy outside the filters is displayed using the show ip bgp neighbor ip- 
address received command. 


These commands are useful when you are troubleshooting the routing policy. You can compare 
routes outside the incoming filters with what was actually accepted into the BGP table from a 
neighbor. In addition, routes that are transmitted and advertised to a neighbor can be compared 
to what is inside the outgoing filters in the local BGP table. 
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Route Refresh 


This topic describes the function and benefits of the route refresh function. 


Route Refresh 


¢ Route refresh is a new BGP capability. 


° It is used to request a neighbor to resend routing 
information. 


° It is typically used after configuration changes to 
update the BGP table (route-map, distribute-list, 


prefix-list, filter-list, weight, local preference, MED, 
and so on). 


° The traditional way of accomplishing this function 
is to clear the BGP session. 


Route refresh is one of the new capabilities of BGP. Routers use the route refresh feature to 
request a neighbor to resend all the routing information when it is needed. 


There are several ways of refreshing the routing information from a neighbor: 


m= Clearing the neighbor relationship 


m™ Soft-clearing the neighbor relationship (if soft reconfiguration is enabled for this specific 
neighbor) 


m Using route refresh (if the neighbor supports this capability) 


Note To use soft reset without preconfiguration, both BGP peers must support the soft route 
refresh capability, which is advertised in the OPEN message that is sent when the peers 
establish a TCP session. Routers that run Cisco IOS software releases prior to Release 12.1 
do not support the route refresh capability and must clear the BGP session using the 
neighbor soft-reconfiguration command. 
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3-108 


Route Refresh (Cont.) 
nn erred 


Inbound soft reconfiguration consumes memory on 
the receiving router. 


* It is needed only because there is no mechanism in standard 
BGP to request retransmission of BGP routes. 


BGP route refresh is an optional BGP capability that 


allows a BGP router to request retransmission of 
BGP routes from a neighbor. 


BGP v3.1—3-12 


The soft-reconfiguration inbound feature consumes large volumes of memory in the Internet 
environment. The number of routes that can be received from a peer router on the Internet is so 
large that it is not feasible to store an extra copy. 


The only reason for making the extra copy is to be able to replay the data through the new 
routing policy without tearing down the session and re-establishing it. 


What is needed is a mechanism to ask the neighbor router to do a clear soft outbound. If this 
were possible, the extra copy would not be needed. The neighboring router, of course, has its 
own copy in its BGP table, which it could resend to the local router whenever it is signaled to 
do so. 


There is no such mechanism in standard BGP, but there is an optional BGP capability that 
allows one router to request a refresh from its neighbor: route refresh. 
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The following table compares the different methods of BGP session reset, stating the 
advantages and disadvantages of each. 


Type of Reset 


hard reset 


Advantages 


No memory overhead. 


Disadvantages 


The prefixes in the BGP, IP, and FIB 
tables that are provided by the 
neighbor are lost. Not recommended. 


outbound soft reset 


dynamic inbound soft 
reset 


No configuration, no storing of 
routing table updates. 


Does not clear the BGP session 
or cache. Does not require storing 
of routing table updates, and has 
no memory overhead. 


Does not reset inbound routing table 
updates. 


Both BGP routers must support the 
route refresh capability (Cisco |OS 
12.1 and later releases). 


configured inbound soft 
reset (uses the neighbor 


soft-reconfiguration 
command) 


Can be used when both BGP 
routers do not support the 
automatic route refresh capability. 


Requires preconfiguration. Stores all 
received (inbound) routing policy 
updates without modification, and is 
thus memory-intensive. 
Recommended only when absolutely 
necessary. 
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Example 


Route Refresh (Cont.) 
(a 


-. 


BGP session 


Route Refresh message 
BGP routes are resent 


Step #1 - Route refresh is negotiated when the BGP session is established. 
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Step #2 - Inbound routing policy is changed on RTR-B. 
Step #3 - Operator requests inbound route refresh. 

Step #4 - RTR-B sends route refresh message to RTR-A. 
Step #5 - RTR-A resends all BGP routes to RTR-B. 


2004 Cisco Systems, Inc. All rights reserved BGP v3.1—3-13 


The capability to use the route refresh feature must be negotiated by the router when the BGP 
session is first established. The local router keeps a record that the capability is available with 
the neighbor. There is no need to keep a copy of the routing information that is received from 
the neighbor if it has the capability to refresh. 


After reconfiguring the filters and route-maps that will implement a new routing policy, a 
network administrator can issue the clear ip bgp ip-address soft in command in the local 
router. The router will check whether the route refresh capability is available, and if it is, 
requests a resend of the BGP table of the neighbor instead of replaying its own copy. 
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Using Route Refresh 


This topic identifies the Cisco IOS command that is required to perform a route refresh. 


Using Route Refresh 
I 


router# 


clear ip bgp {* | ip-address | peer-group-name } in | 


° Sends a route refresh message to the neighbor‘(s). 


° The command only works if the neighbor has 
previously advertised the route refresh capability. 


Use the clear ip bgp * in command to send a route refresh message to all neighbors or clear ip 
bgp ip-address in to send a route refresh message to a specific neighbor. 


You need not use the soft keyword, because soft reset is automatically assumed when the route 
refresh capability is supported. 


clear ip bgp 


To reset a BGP connection with BGP soft reconfiguration, use the clear ip bgp privileged 
EXEC command at the system prompt. 


= clear ip bgp {* | ip-address | peer-group-name} [soft [in | out]] 


Syntax Description 


Parameter Description 

* Resets all current BGP sessions. 

address Resets only the identified BGP neighbor. 

peer-group-name Resets the specified BGP peer group. 

soft (Optional) Soft reset. Does not reset the session. 

in | out (Optional) Triggers inbound or outbound soft reconfiguration. If 
the in or out option is not specified, both inbound and outbound 
soft reset are triggered. 
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Monitoring Route Refresh 


This topic identifies the Cisco IOS commands that are required to monitor route refresh 
operation. 


Monitoring Route Refresh 
_———— ee a CNN a 


router# 


show ip bgp neighbor neighbor 


° Verifies the support for route refresh capability 


router# show ip bgp neighbor 5.0.0.2 
BGP neighbor is 5.0.0.2, remote AS 2, external link 
Index 2, Offset 0, Mask 0x4 
BGP version 4, remote router ID 193.77.3.241 
BGP state = Established, table version = 51, up for 22:12:51 
Last read 00:00:00, last send 00:00:00 
Hold time 3, keepalive interval 1 seconds 
Configured hold time is 3, keepalive interval is 1 seconds 
Neighbor NLRI negotiation: 
Configured for unicast routes only 
Peer negotiated unicast routes only 
Exchanging unicast routes only 
Received route refresh capability(new) from peer 
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Use the show ip bgp neighbor command to see if the neighbor supports the route refresh 


message. 
Note The printout of the show ip bgp neighbor command varies between IOS releases. The 
printout in the figure here was generated by Cisco IOS Release 12.0(1)S and represents a 
manual configuration of soft reset. 
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Monitoring Route Refresh (Cont.) 


router# debug ip 
H 8: BGP: 
: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 

: BGP: 


open active, local address 5.0.0.1 
sending OPEN, version 4 Old style 
OPEN revd, version 4 route refresh 
rev OPEN w/ OPTION parameter len: 26 

rev OPEN w/ option parameter type 2 (Capability) 
OPEN has CAPABILITY code: 1, length 4 

OPEN has MP EXT CAP for afi/safi: 1/1 

rev OPEN w/ option parameter type 2 (Capability) 
OPEN has CAPABILITY code: 128, length 0 

rev OPEN w/ option parameter type 2 (Capability) 
OPEN has CAPABILITY code: 2, length 0 

rev OPEN w/ option parameter type 2 (Capability) 
OPEN has CAPABILITY code: 129, length 6 

rcv REFRESH REQ for afi/sfai: 1/1 

start outbound soft reconfig for afi/safi: 1/1 New style 


route refresh 


KUHTnnnnnnannnw 
C00000000000000KN 
ooo00DDDDDDDD0NN 
NNNNNYNNNYNNVNVVVYN 


Initial 
route refresh 
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Debug output after BGP session reset. 
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Use debug ip bgp to display the negotiation of capabilities. Debugging displays received 
capabilities. 


The example shows that a neighbor is advertising both old-style and standard (new-style) route 
refresh. After the session has been established, an initial standard route refresh message is sent 
by the router for the address family 1/1 (IP version 4 [IPv4] unicast). 


Monitoring Route Refresh (Cont.) 


router# debug ip bgp 

router# debug ip bgp updates 

router# clear ip bgp 5.0.0.2 in 

1d00h: BGP: 5.0.0.2 sending REFRESH _REQ(5) for afi/safi: 1/1 

1d00h: : 5.0.0.2 rev UPDATE w/ attr: nexthop 5.0.0.2, origin i, metric 0, path 2 
1d00h: : 5.0.0.2 rev UPDATE about 10.0.0.0/8 

1d00h: : bumping version for 10.0.0.0/8 from 0 to 52 

1d00h: : nettable walker 10.0.0.0/8 calling revise route 

1d00h: : revise route installing 10.0.0.0/8 -> 5.0. 0.2 

1d00h: : 5.0.0.2 computing updates, neighbor version 51, table version 52, starti 
ng at 

1d00h: : 5.0.0.2 update run completed, ran for Oms, neighbor version 51, start ve 
rsion throttled to 52, check point net 0.0.0.0 

1d00h: : 3.0.0.2 computing updates, neighbor version 51, table version 52, starti 
ng at 0.0.0. 

1d00h: . .0.0.2 send UPDATE 10.0.0.0/8, next 3.0.0.1 

1d00h: 3 metric 0, path 1 2 

1d00h: : 3.0.0.2 1 updates enqueued (average=45, maximum=45) 

1d00h: : 3.0.0.2 update run completed, ran for Oms, neighbor version 51, start ve 
rsion 52, throttled to 52, check point net 0.0.0.0 
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Debugging also shows a route refresh message being sent to a neighbor after the network 
administrator issues the clear ip bgp ip-address in command from privileged EXEC mode. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 
i 


Because of the huge volumes of routing information 
that BGP is capable of handling and the effects ofa 
mass routing update, BGP cannot use traditional 
routing update methods. 


Soft reconfiguration provides the possibility to run all 
routes through filters without tearing down the 
sessions. 


The soft reconfiguration method does not scale well in 
terms of the number of neighbors and prefixes because 
of the amount of memory that is required to perform 
the calculations. 


Although soft reconfiguration requires huge amounts 
of memory, the three-step process is still a valid way of 
implementing filter policy changes. 


Summary (Cont.) 


* The command that is most useful when you are 
troubleshooting the routing policy is the show ip bgp 
neighbor command with the advertised, routes, and 
received suffixes. 


Route refresh is a new BGP capability that is used to 
request a neighbor to resend routing information after 
configuration changes. 


The clear ip bgp ip-address soft in command sends a 
route refresh message to the neighboring router and 
executes if the neighbor has previously advertised the 
route refresh capability. 


To verify that a neighbor supports route refresh, you 
can use the show ip bgp neighbor command. To display 
the negotiation process, you can use the debug ip bgp 
command. 
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References 


For additional information, refer to these resources: 


m= For more information on route refresh and soft reconfiguration, refer to “BGP Soft Reset 
Enhancement” at the following URL: 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t7/sft 
rst.htm 


Next Steps 


For the associated lab exercise, refer to the following section of the course Lab Guide: 


m Lab Exercise 3-4: Implementing Changes in BGP Policy 
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Lesson Assessments 


Overview 


Use the lesson assessments here to test what you learned in this module. The correct answers 
and solutions are found in the Lesson Assessment Answer Key. 


Outline 
This section includes these assessments: 
@ Quiz 3-1: Using Multihomed BGP Networks 
@ Quiz 3-2: Employing AS-Path Filters 
@ Quiz 3-3: Filtering with Prefix-Lists 
@ Quiz 3-4: Using Outbound Route Filtering 
@ Quiz 3-5: Applying Route-Maps as BGP Filters 
= Quiz 3-6: Implementing Changes in BGP Policy 
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Quiz 3-1: Using Multihomed BGP Networks 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Describe the business issues of multihomed BGP networks in service provider 
environments 


Describe the technical issues of multihomed BGP networks in service provider 
environments 


Describe the need for BGP policies that influence route selection in a multihomed BGP 
network 


List typical routing policies for multihomed BGP customers 
Describe the need to influence BGP route selection in a service provider environment 


Describe the need for BGP filters in a service provider environment 


Answer these questions: 


Ql) 


Q2) 


Q3) 


Q4) 
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What are two reasons why a customer would want to connect to two ISPs? 

(Choose two.) 

A) to expand capacity for Internet traffic 

B) to better protect confidential information as it travels through the Internet 

C) to provide redundancy to mission-critical services that are offered over the 
Internet 

D) to efficiently route Internet traffic to two different divisions within the 
company 

What are the two technical requirements for multihomed customers? (Choose two.) 

A) The ISPs must assign a range of IP network numbers to the customer. 

B) The customer network must exchange BGP information with each ISP 
network. 

C) In most cases, the customer must have its own public AS number. 

D) The customer network must not use AS-path filters. 

Which three of the following are potential customer routing policies? (Choose three.) 

A) One service provider is designated as primary, and the other is a backup. 

B) Traffic is load-balanced across both ISP networks. 

C) Traffic toward a specific destination goes through only one of the ISPs. 

D) Traffic to direct customers of the ISPs goes direct; all other traffic goes through 
the primary ISP. 

Which two potential multihomed network issues can be prevented with IP prefix 

filters? (Choose two.) 

A) the propagation of private AS numbers 

B) the propagation of private addresses that are used in the network 

C) the propagation of unreachable next-hop addresses 

D) the propagation of more specific prefixes from an address range 
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Scoring 


You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 3-2: Employing AS-Path Filters 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


m Identify network scenarios where connections to multiple ISPs must be supported and 
where AS-path filters can be used to influence route selection 


m™ Describe the purpose of an AS-path regular expression 


m Describe how string-matching operators function when you are using AS-path regular 
expressions to match BGP routes 


m Identify where you can apply an AS-path filter when configuring a router to influence route 
selection 


m Identify the Cisco IOS commands that are required to configure AS-path filters to influence 
route selection 


m Identify the Cisco IOS commands that are required to monitor the operation of configured 
AS-path filters 


Quiz 
Answer these questions: 


Q1) Which three goals represent appropriate reasons to apply AS-path filters? (Choose 


three.) 

A) to ensure that only locally originated routes are announced 

B) to limit routes that are advertised from IBGP neighbors 

C) to select a subset of all routes based on their originating AS 

D) to limit neighbor route updates to specific AS-originated routes 


Q2) Which AS path is matched by the regular expression “72$”? 


A) 213 72 218 31 727 
B) 27 317 271 50 72 
C) 315 27 723 19 91 
D) 72 591 368 20 87 


Q3) What is the difference between the regular expressions “_100_” and “_100$”? 


A) The first expression refers to routes that have the substring “100” in their AS 
paths; the second expression refers only to routes that are directly connected to 
AS 100. 

B) The first expression refers to routes that have the substring “100” in their AS 
paths; the second expression refers only to routes that originated in AS 100. 

C) The first expression refers to routes that go through AS 100; the second 
expression refers to routes that originated in AS 100. 

D) The first expression refers to routes that are directly connected to AS 100; the 


second expression refers to routes that originated in AS 100. 
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Q4) ~~ Howdo you match AS paths that contain exactly two single-digit AS-numbers? 


A) Use the expression “**”, 
B) Use the expression “..”. 
C) Use the expression “[0-9] [0-9]”. 


D) Use the expression “A[0-9]_[0-9]$”. 


Q5) — Which three steps are required to apply a new inbound routing policy to a neighbor? 
(Choose three.) 


A) Define an AS-path access-list. 

B) Attach the AS-path filter to inbound or outbound updates for a specific BGP 
neighbor. 

C) Send incoming and outgoing AS-path filters to the BGP neighbor. 

D) Force the updates to go through the new filter. 


Q6) How can you test your regular expression? 


A) show ip bgp access-list command 
B) show ip bgp filter command 

C) show ip bgp regexp command 
D) show ip bgp summary command 


Scoring 


You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 3-3: Filtering with Prefix-Lists 


Complete this quiz to assess what you learned in the lesson. 


Objectives 
This assessment tests your knowledge of how to: 


m Identify the requirement for prefix-based filters in customer implementations where you 
must support connections to multiple ISPs 


m List the benefits of prefix-lists versus IP access-lists and describe the applications of prefix- 
lists in BGP networks 


m Identify the Cisco IOS command that is required to configure prefix-list filters 
m Describe where you can implement prefix-lists in a BGP network 


m Identify the Cisco IOS commands that are required to apply filtering of inbound or 
outbound updates with prefix-lists 


m Identify the Cisco IOS commands that are required to modify configured prefix-list filters 


m Identify the Cisco IOS commands that are required to monitor the operation of configured 
prefix-list filters 


Quiz 
Answer these questions: 


Q1) ~~ What are two reasons that a multihomed customer needs prefix-lists? (Choose two.) 


A) to ensure that only valid IP prefixes are announced to the ISPs 

B) to set a limit on the number of prefixes that it can accept from the ISPs 
C) to prevent the customer from receiving its own IP prefixes from the ISP 
D) to verify that the customer has received full Internet route tables 


Q2) | When you are defining prefix-lists, what are two reasons to use sequence numbers? 
(Choose two.) 


A) to reference the associated ACL for the prefix-list entry 

B) to provide a means of linking an AS-path filter-list to the prefix-list 
C) to provide an execution order for prefix-list entries 

D) to provide a means of inserting or deleting list entries 


Q3) | Howcan you apply the same prefix-list to multiple BGP neighbors on a router? 


A) by configuring a neighbor prefix-list statement for each BGP peer 

B) by configuring a neighbor distribute-list statement for each neighbor 

C) by using the BGP peer-group option with the neighbor statement 

D) by configuring the prefix-list as a global filter under the BGP routing process 


Q4)  Howcan you use the show ip prefix-list command to display the prefix-list entry that 
matches a specific prefix and length? 


A) This is not a feature of the show ip prefix-list command. 

B) By specifying the detail keyword. 

C) With the longer keyword to display all matches except those with more 
specific entries. 

D) By specifying the first-match keyword. 
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Scoring 


You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 3-4: Using Outbound Route Filtering 


Complete this quiz to assess what you learned in the lesson. 


Objectives 
This assessment tests your knowledge of how to: 
m= Describe the function of outbound route filtering in a BGP network 
m= Describe the format and function of an ORF message 


m Identify the Cisco IOS command that is required to enable ORF negotiations and activate 
an ORF prefix-list 


m Identify the Cisco IOS command that is used to trigger a route refresh 


m Identify the Cisco IOS command that is required to monitor the operation of a configured 
ORF 


Quiz 
Answer these questions: 
Q1) ~~ What best describes the capabilities of the proprietary ORF type that is supported on 
Cisco routers? 


A) standard BGP communities filtering 
B) extended BGP communities filtering 
C) AS-path filtering 
D) prefix-list filtering 
Q2) What are two key benefits to using outbound route filtering? (Choose two.) 
A) conserves CPU cycles 


B) improves security 
C) reduces bandwidth that is used by unnecessary routing updates 
D) increases neighbor availability 


Q3) | Howshould you configure the neighbor capability orf prefix-list command on a 
router that is applying a prefix-list filter as an outbound route policy? 


A) send 
B) receive 
C) both 


D) prefix-filter 


Q4) — What are two methods of determining that a router has ORF capabilities exchange 
configured? (Choose two.) 


A) with the show running-config | begin bgp command 
B) with the show ip bgp negotiate command 
C) with the show ip bgp neighbors command 
D) with the show ip prefix-list command 
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Q5) — What are two prerequisites before you can configure ORF prefix-list functionality? 
(Choose two.) 


A) A route refresh must be sent using the clear ip bgp command. 
B) A BGP peering session between the ORF routers must be up and running. 
C) ORF capabilities must be enabled on both routers. 
D) You must configure a prefix-list filter on the receiving router. 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 3-5: Applying Route-Maps as BGP Filters 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


Quiz 


Identify the need to use route-maps to influence route selection in a BGP network 


Identify the high-level function of a route-map 


Identify the Cisco IOS commands that are required to configure a route-map to match 
against a prefix-list 


Identify where you can apply route-maps as route filters in a BGP network 


Identify the Cisco IOS commands that is required to enable a route-map as a BGP route 


filter 


Identify the Cisco IOS commands that are required to monitor the operation of a configured 


route-map that is used as a BGP filter 


Answer these questions: 


Ql) 


Q2) 


Q3) 


Q4) 
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What are three commonly used route-map match criteria in BGP environments? 

(Choose three.) 

A) AS-path 

B) prefix-list 

C) community attribute 

D) local preference 

How do you implement a “permit all” when you are using route-maps? 

A) By default, a route-map has an “implicit permit any” if no match is found. 

B) You must configure a route-map with a “permit” parameter and no match 
clause. 

C) You must configure a route-map with a “deny” parameter and a “deny none” 
clause. 

D) You must configure a route-map with a “permit any” match clause. 

What happens to incoming BGP updates that do not match any route-map match 

clauses? 

A) They are entered into the BGP table. 

B) They are entered into the BGP table and marked with a weight of 32768. 

C) They are not accepted by the router or entered into the BGP table. 

D) They are entered into the BGP table if a matching route exists in the IP routing 
table. 

Which three BGP attributes can you set using route-maps? (Choose three.) 

A) MED 

B) weight metric 

C) next-hop 

D) atomic aggregate 
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Q5) ~~ What are three uses of route-maps in a BGP environment? (Choose three.) 


A) to filter incoming prefixes based on a prefix and the AS-path attribute 

B) to modify routing information currently in the BGP table 

C) to set BGP attributes such as weight and local preference on outgoing updates 
D) to filter the redistribution of IGP routes into BGP 


Q6) What are two reasons for using route-map sequence numbers? (Choose two.) 


A) to allow insertion or deletion of route-map entries 
B) to order the execution sequence of route-map match clauses 
C) to provide an ordered execution sequence for the route-map 
D) to map between prefix-list statements and route-map match clauses 
Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Quiz 3-6: Implementing Changes in BGP Policy 


Complete this quiz to assess what you learned in the lesson. 


Objectives 


This assessment tests your knowledge of how to: 


m Identify the limitations of the traditional methods of forcing BGP route updates after 
changing a filter policy 


m Describe the function and impact of the soft reconfiguration feature 


m Identify the Cisco IOS commands that are required to configure and perform a soft 
reconfiguration 


m Identify the Cisco IOS tools that are available to monitor the operations of a soft 
reconfiguration 


m Describe the function and benefits of the route refresh function 

m Identify the Cisco IOS command that is used to trigger a route refresh 

m Identify the Cisco IOS commands that are required to monitor route refresh operation 
Quiz 

Answer these questions: 


Q1) + Why is clearing a BGP session a disruptive change in routing policy? 


A) Clearing a BGP session takes a long time and can disrupt packet forwarding. 

B) You cannot recover information that is sent while the BGP session is being 
cleared. 

C) You cannot automatically re-establish sessions that are torn down during the 
clearing operation. 

D) You cannot selectively tear down BGP sessions; you must clear sessions with 
all neighbors. 

Q2) What is the impact of inbound soft reconfiguration? 

A) It clears the session after you reconfigure the new routing policy. 

B) It creates a copy of all routes that are received from a neighbor after the filters 
are applied. 

C) It requires extra memory to hold a copy of all routes that are received from the 
neighbor. 

D) It resets the table version number of the neighbor to 0. 


Q3) — Which two steps must you complete to use inbound soft configuration functionality? 
(Choose two.) 


A) Clear the BGP session inbound on the local router. 
B) Clear the BGP session outbound on the remote router. 
C) Configure the local neighbor with soft-reconfiguration in. 
D) Configure the remote neighbor with soft-reconfiguration out. 
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Q4) ~~ What are two situations when would you prefer inbound soft reconfiguration to route 


refresh? (Choose two.) 


A) when there is insufficient memory to hold a copy of the BGP table of the 


neighbor 

B) when a route refresh fails 

C) when you wish to troubleshoot filters and use the show ip bgp neighbor 
command with the received-routes option 

D) when the neighboring router does not support the route refresh capability 


Q5) | How do you determine whether a BGP neighbor supports route refresh? 
A) A flag in the BGP table indicates the presence of route refresh capability. 


B) The show ip bgp neighbor command indicates if the option is supported. 

C) Initiate debug ip bgp negotiation to see if the router has completed a route 
refresh capabilities exchange. 

D) Execute the clear ip bgp * command. Command-line BGP status messages 


will indicate route refresh support capabilities. 


Scoring 
You have successfully completed the quiz for this lesson when you earn a score of 80 percent 
or better. 
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Lesson Assessment Answer Key 


Quiz 3-1: Using Multihomed BGP Networks 


Qu) 
Q2) 
Q3) 
Q4) 


AGC 
B,C 
A,C,D 
B, D 


Quiz 3-2: Employing AS-Path Filters 


Ql!) 
Q2) 
Q3) 
Q4) 
Q5) 
Q6) 


A,C,D 


Quiz 3-3: Filtering with Prefix-Lists 


Ql!) 
Q2) 
Q3) 
Q4) 


A,C 
C,D 


Quiz 3-4: Using Outbound Route Filtering 


Ql!) 
Q2) 
Q3) 
Q4) 
Q5) 


Quiz 3-5: Applying Route-Maps as BGP Filters 


Ql!) 
Q2) 
Q3) 
Q4) 
Q5) 
Q6) 


Quiz 3-6: Implementing Changes in BGP Policy 


Q!) 
Q2) 
Q3) 
Q4) 
Q5) 


D 
A,C 
B 
A,C 
B,C 


A,B,C 


A,C,D 
ALC 
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